Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/582846?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "curl", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "7.10.7-1", "latest_non_vulnerable_version": "8.20.0-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69487?format=api", "vulnerability_id": "VCID-176a-agbw-hqdy", "summary": "curl: libcurl: QUIC Certificate Pinning Bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18692", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18986", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18841", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18854", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18867", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18756", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18736", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19078", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19129", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18846", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18926", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5025" }, { "reference_url": "https://curl.se/docs/CVE-2025-5025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T16:19:34Z/" } ], "url": "https://curl.se/docs/CVE-2025-5025.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3153497", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T16:19:34Z/" } ], "url": "https://hackerone.com/reports/3153497" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368888", "reference_id": "2368888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368888" }, { "reference_url": "https://security.archlinux.org/AVG-2887", "reference_id": "AVG-2887", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2887" }, { "reference_url": "https://curl.se/docs/CVE-2025-5025.json", "reference_id": "CVE-2025-5025.json", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T16:19:34Z/" } ], "url": "https://curl.se/docs/CVE-2025-5025.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585168?format=api", "purl": "pkg:deb/debian/curl@8.14.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-5025" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-176a-agbw-hqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71915?format=api", "vulnerability_id": "VCID-26p8-15d6-kbb1", "summary": "libcurl: Double Close of Eventfd in libcurl", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0665.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89243", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89214", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.8921", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89208", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89221", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.8922", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89216", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89234", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.8924", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89179", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.892", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04569", "scoring_system": "epss", "scoring_elements": "0.89204", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0665" }, { "reference_url": "https://curl.se/docs/CVE-2025-0665.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:42:03Z/" } ], "url": "https://curl.se/docs/CVE-2025-0665.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2954286", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:42:03Z/" } ], "url": "https://hackerone.com/reports/2954286" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343895", "reference_id": "2343895", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343895" }, { "reference_url": "https://curl.se/docs/CVE-2025-0665.json", "reference_id": "CVE-2025-0665.json", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:42:03Z/" } ], "url": "https://curl.se/docs/CVE-2025-0665.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582847?format=api", "purl": "pkg:deb/debian/curl@8.12.0%2Bgit20250209.89ed161%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.12.0%252Bgit20250209.89ed161%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0665" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26p8-15d6-kbb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47213?format=api", "vulnerability_id": "VCID-2vwu-y316-gbb2", "summary": "Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2466.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35078", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35517", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35542", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3547", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35495", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35505", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35462", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3544", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35479", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35468", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35181", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35159", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2466" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/18", "reference_id": "18", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/19", "reference_id": "19", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/19" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/20" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270497", "reference_id": "2270497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270497" }, { "reference_url": "https://hackerone.com/reports/2416725", "reference_id": "2416725", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "https://hackerone.com/reports/2416725" }, { "reference_url": "https://curl.se/docs/CVE-2024-2466.html", "reference_id": "CVE-2024-2466.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "https://curl.se/docs/CVE-2024-2466.html" }, { "reference_url": "https://curl.se/docs/CVE-2024-2466.json", "reference_id": "CVE-2024-2466.json", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "https://curl.se/docs/CVE-2024-2466.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://support.apple.com/kb/HT214118", "reference_id": "HT214118", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "https://support.apple.com/kb/HT214118" }, { "reference_url": "https://support.apple.com/kb/HT214119", "reference_id": "HT214119", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "https://support.apple.com/kb/HT214119" }, { "reference_url": "https://support.apple.com/kb/HT214120", "reference_id": "HT214120", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "https://support.apple.com/kb/HT214120" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240503-0010/", "reference_id": "ntap-20240503-0010", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240503-0010/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2693", "reference_id": "RHSA-2024:2693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2694", "reference_id": "RHSA-2024:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584796?format=api", "purl": "pkg:deb/debian/curl@8.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.7.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-2466" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vwu-y316-gbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61670?format=api", "vulnerability_id": "VCID-38mv-usbe-z7hd", "summary": "Multiple vulnerabilities have been found in cURL, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22901.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22901.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43576", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43716", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43654", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43658", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.56921", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57065", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57062", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57018", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5704", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57068", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57081", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57036", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22901" }, { "reference_url": "https://curl.se/docs/CVE-2021-22901.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22901.html" }, { "reference_url": "https://hackerone.com/reports/1180380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1180380" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963146", "reference_id": "1963146", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963146" }, { "reference_url": "https://security.archlinux.org/ASA-202106-4", "reference_id": "ASA-202106-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-4" }, { "reference_url": "https://security.archlinux.org/ASA-202106-5", "reference_id": "ASA-202106-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-5" }, { "reference_url": "https://security.archlinux.org/ASA-202106-6", "reference_id": "ASA-202106-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-6" }, { "reference_url": "https://security.archlinux.org/ASA-202106-7", "reference_id": "ASA-202106-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-7" }, { "reference_url": "https://security.archlinux.org/AVG-1995", "reference_id": "AVG-1995", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1995" }, { "reference_url": "https://security.archlinux.org/AVG-1996", "reference_id": "AVG-1996", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1996" }, { "reference_url": "https://security.archlinux.org/AVG-1997", "reference_id": "AVG-1997", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1997" }, { "reference_url": "https://security.archlinux.org/AVG-1998", "reference_id": "AVG-1998", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1998" }, { "reference_url": "https://security.gentoo.org/glsa/202105-36", "reference_id": "GLSA-202105-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2471", "reference_id": "RHSA-2021:2471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2472", "reference_id": "RHSA-2021:2472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22901" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38mv-usbe-z7hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49712?format=api", "vulnerability_id": "VCID-549m-sm8g-cude", "summary": "Multiple vulnerabilities have been found in cURL, the worst of\n which may allow attackers to bypass intended restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000099.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000099.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.72962", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73111", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73021", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73046", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73025", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73019", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73061", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.7307", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73064", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73103", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73113", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.72974", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.72994", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.7297", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73007", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000099" }, { "reference_url": "https://curl.haxx.se/0809C.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://curl.haxx.se/0809C.patch" }, { "reference_url": "https://curl.haxx.se/docs/adv_20170809C.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://curl.haxx.se/docs/adv_20170809C.html" }, { "reference_url": "https://curl.se/docs/CVE-2017-1000099.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2017-1000099.html" }, { "reference_url": "http://www.securityfocus.com/bid/100281", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100281" }, { "reference_url": "http://www.securitytracker.com/id/1039119", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478316", "reference_id": "1478316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478316" }, { "reference_url": "https://security.archlinux.org/ASA-201708-16", "reference_id": "ASA-201708-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-16" }, { "reference_url": "https://security.archlinux.org/ASA-201710-3", "reference_id": "ASA-201710-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-3" }, { "reference_url": "https://security.archlinux.org/ASA-201710-4", "reference_id": "ASA-201710-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-4" }, { "reference_url": "https://security.archlinux.org/ASA-201710-5", "reference_id": "ASA-201710-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-5" }, { "reference_url": "https://security.archlinux.org/ASA-201710-6", "reference_id": "ASA-201710-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-6" }, { "reference_url": "https://security.archlinux.org/ASA-201710-7", "reference_id": "ASA-201710-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-7" }, { "reference_url": "https://security.archlinux.org/AVG-370", "reference_id": "AVG-370", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-370" }, { "reference_url": "https://security.archlinux.org/AVG-371", "reference_id": "AVG-371", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-371" }, { "reference_url": "https://security.archlinux.org/AVG-386", "reference_id": "AVG-386", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-386" }, { "reference_url": "https://security.archlinux.org/AVG-387", "reference_id": "AVG-387", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-387" }, { "reference_url": "https://security.archlinux.org/AVG-388", "reference_id": "AVG-388", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-388" }, { "reference_url": "https://security.archlinux.org/AVG-389", "reference_id": "AVG-389", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-389" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000099", "reference_id": "CVE-2017-1000099", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000099" }, { "reference_url": "https://security.gentoo.org/glsa/201709-14", "reference_id": "GLSA-201709-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000099" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-549m-sm8g-cude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64428?format=api", "vulnerability_id": "VCID-5g4v-dyse-uucu", "summary": "wcurl: wcurl: Arbitrary file placement via crafted URLs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11563.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11563.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0412", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04304", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04108", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04116", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04239", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0425", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04269", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04155", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04186", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04201", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0418", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04163", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04137", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11563" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442571", "reference_id": "2442571", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442571" }, { "reference_url": "https://curl.se/docs/CVE-2025-11563.html", "reference_id": "CVE-2025-11563.html", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T18:53:51Z/" } ], "url": "https://curl.se/docs/CVE-2025-11563.html" }, { "reference_url": "https://curl.se/docs/CVE-2025-11563.json", "reference_id": "CVE-2025-11563.json", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T18:53:51Z/" } ], "url": "https://curl.se/docs/CVE-2025-11563.json" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584612?format=api", "purl": "pkg:deb/debian/curl@8.17.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.17.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-11563" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5g4v-dyse-uucu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97810?format=api", "vulnerability_id": "VCID-5xp7-mcsa-uqd4", "summary": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14819", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13755", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13863", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13771", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13766", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1384", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13866", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13839", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13938", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13991", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13948", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13911", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14819" }, { "reference_url": "https://curl.se/docs/CVE-2025-14819.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/" } ], "url": "https://curl.se/docs/CVE-2025-14819.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426408", "reference_id": "2426408", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426408" }, { "reference_url": "https://curl.se/docs/CVE-2025-14819.json", "reference_id": "CVE-2025-14819.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/" } ], "url": "https://curl.se/docs/CVE-2025-14819.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/921944?format=api", "purl": "pkg:deb/debian/curl@8.18.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.18.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-14819" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xp7-mcsa-uqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49269?format=api", "vulnerability_id": "VCID-6ge5-86tg-dydf", "summary": "Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50628", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50717", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50665", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50673", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50654", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.5069", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50686", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50728", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50705", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50731", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00273", "scoring_system": "epss", "scoring_elements": "0.50737", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27779" }, { "reference_url": "https://curl.se/docs/CVE-2022-27779.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-27779.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1553301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1553301" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082202", "reference_id": "2082202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082202" }, { "reference_url": "https://security.archlinux.org/AVG-2706", "reference_id": "AVG-2706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2706" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582920?format=api", "purl": "pkg:deb/debian/curl@7.83.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.83.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-27779" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ge5-86tg-dydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74681?format=api", "vulnerability_id": "VCID-8m6a-ej6a-g3df", "summary": "curl: freeing stack buffer in utf8asn1str", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79821", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79695", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79701", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.7973", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79737", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79759", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79743", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79765", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79766", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79769", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79799", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.79806", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6197" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/24/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/24/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996", "reference_id": "1076996", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299653", "reference_id": "2299653", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299653" }, { "reference_url": "https://hackerone.com/reports/2559516", "reference_id": "2559516", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/" } ], "url": "https://hackerone.com/reports/2559516" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/24/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/24/5" }, { "reference_url": "https://curl.se/docs/CVE-2024-6197.html", "reference_id": "CVE-2024-6197.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/" } ], "url": "https://curl.se/docs/CVE-2024-6197.html" }, { "reference_url": "https://curl.se/docs/CVE-2024-6197.json", "reference_id": "CVE-2024-6197.json", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/" } ], "url": "https://curl.se/docs/CVE-2024-6197.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583078?format=api", "purl": "pkg:deb/debian/curl@8.9.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-6197" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8m6a-ej6a-g3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69488?format=api", "vulnerability_id": "VCID-9mjz-apkm-g7h1", "summary": "libcurl: curl: QUIC certificate check skip with wolfSSL", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22409", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.2271", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22671", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22613", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22628", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22624", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22576", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22421", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22411", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22775", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22641", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4947" }, { "reference_url": "https://curl.se/docs/CVE-2025-4947.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/" } ], "url": "https://curl.se/docs/CVE-2025-4947.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3150884", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/" } ], "url": "https://hackerone.com/reports/3150884" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368887", "reference_id": "2368887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368887" }, { "reference_url": "https://security.archlinux.org/AVG-2887", "reference_id": "AVG-2887", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2887" }, { "reference_url": "https://curl.se/docs/CVE-2025-4947.json", "reference_id": "CVE-2025-4947.json", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/" } ], "url": "https://curl.se/docs/CVE-2025-4947.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585168?format=api", "purl": "pkg:deb/debian/curl@8.14.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4947" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mjz-apkm-g7h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/164220?format=api", "vulnerability_id": "VCID-a9b6-m25r-kygw", "summary": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by \"*.com.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77128", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.7708", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77107", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77114", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.76977", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.76983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77012", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.76993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77025", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77035", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77037", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77078", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9952" }, { "reference_url": "https://curl.se/docs/CVE-2016-9952.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2016-9952.html" }, { "reference_url": "https://curl.haxx.se/docs/adv_20161221B.html", "reference_id": "adv_20161221B.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T19:19:07Z/" } ], "url": "https://curl.haxx.se/docs/adv_20161221B.html" }, { "reference_url": "https://curl.haxx.se/CVE-2016-9952.patch", "reference_id": "CVE-2016-9952.patch", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T19:19:07Z/" } ], "url": "https://curl.haxx.se/CVE-2016-9952.patch" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9952" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9b6-m25r-kygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355402?format=api", "vulnerability_id": "VCID-acd8-mwm2-zka5", "summary": "", "references": [ { "reference_url": "https://curl.se/docs/CVE-2026-7009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-7009.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3694390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3694390" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-7009" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acd8-mwm2-zka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64298?format=api", "vulnerability_id": "VCID-amgy-dw6h-6ydf", "summary": "curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3805.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05799", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08051", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08115", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08078", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11667", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11805", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11837", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11752", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1188", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12821", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12966", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12823", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3805" }, { "reference_url": "https://curl.se/docs/CVE-2026-3805.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/" } ], "url": "https://curl.se/docs/CVE-2026-3805.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3591944", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/" } ], "url": "https://hackerone.com/reports/3591944" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446451", "reference_id": "2446451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446451" }, { "reference_url": "https://curl.se/docs/CVE-2026-3805.json", "reference_id": "CVE-2026-3805.json", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/" } ], "url": "https://curl.se/docs/CVE-2026-3805.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8084-1/", "reference_id": "USN-8084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-3805" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amgy-dw6h-6ydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68003?format=api", "vulnerability_id": "VCID-aua9-4frt-xugf", "summary": "curl: libcurl: Curl out of bounds read for cookie path", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9086.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9086.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10241", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13356", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13463", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13491", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13485", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13412", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14356", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14303", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14302", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14264", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14208", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14098", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9086" }, { "reference_url": "https://curl.se/docs/CVE-2025-9086.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:15:47Z/" } ], "url": "https://curl.se/docs/CVE-2025-9086.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3294999", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:15:47Z/" } ], "url": "https://hackerone.com/reports/3294999" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "reference_id": "2394750", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394750" }, { "reference_url": "https://curl.se/docs/CVE-2025-9086.json", "reference_id": "CVE-2025-9086.json", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:15:47Z/" } ], "url": "https://curl.se/docs/CVE-2025-9086.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23043", "reference_id": "RHSA-2025:23043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23125", "reference_id": "RHSA-2025:23125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23126", "reference_id": "RHSA-2025:23126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23127", "reference_id": "RHSA-2025:23127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23383", "reference_id": "RHSA-2025:23383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1350", "reference_id": "RHSA-2026:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1477", "reference_id": "RHSA-2026:1477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1736", "reference_id": "RHSA-2026:1736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1825", "reference_id": "RHSA-2026:1825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2485", "reference_id": "RHSA-2026:2485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2563", "reference_id": "RHSA-2026:2563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4943", "reference_id": "RHSA-2026:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586210?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586211?format=api", "purl": "pkg:deb/debian/curl@8.16.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.16.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-9086" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aua9-4frt-xugf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47210?format=api", "vulnerability_id": "VCID-b69q-9yrr-myf7", "summary": "Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0853.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0853.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36038", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36069", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36299", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36353", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.3637", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36328", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.3635", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36385", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36358", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.3631", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36475", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40248", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0853" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262097", "reference_id": "2262097", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262097" }, { "reference_url": "https://hackerone.com/reports/2298922", "reference_id": "2298922", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/" } ], "url": "https://hackerone.com/reports/2298922" }, { "reference_url": "https://curl.se/docs/CVE-2024-0853.html", "reference_id": "CVE-2024-0853.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/" } ], "url": "https://curl.se/docs/CVE-2024-0853.html" }, { "reference_url": "https://curl.se/docs/CVE-2024-0853.json", "reference_id": "CVE-2024-0853.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/" } ], "url": "https://curl.se/docs/CVE-2024-0853.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0004/", "reference_id": "ntap-20240307-0004", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240426-0009/", "reference_id": "ntap-20240426-0009", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240426-0009/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240503-0012/", "reference_id": "ntap-20240503-0012", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240503-0012/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585837?format=api", "purl": "pkg:deb/debian/curl@8.6.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.6.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-0853" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b69q-9yrr-myf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57270?format=api", "vulnerability_id": "VCID-bz4u-6rft-s3a8", "summary": "Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93847", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.9386", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93856", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93835", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93892", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93896", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93894", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93893", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93887", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.12305", "scoring_system": "epss", "scoring_elements": "0.93865", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38039" }, { "reference_url": "https://curl.se/docs/CVE-2023-38039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-38039.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2072338", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://hackerone.com/reports/2072338" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/17", "reference_id": "17", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/17" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239135", "reference_id": "2239135", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239135" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/34", "reference_id": "34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/34" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/37", "reference_id": "37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/37" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/38", "reference_id": "38", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/38" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/", "reference_id": "5DCZMYODALBLVOXVJEN2LF2MLANEYL4F", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://support.apple.com/kb/HT214036", "reference_id": "HT214036", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://support.apple.com/kb/HT214036" }, { "reference_url": "https://support.apple.com/kb/HT214057", "reference_id": "HT214057", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://support.apple.com/kb/HT214057" }, { "reference_url": "https://support.apple.com/kb/HT214058", "reference_id": "HT214058", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://support.apple.com/kb/HT214058" }, { "reference_url": "https://support.apple.com/kb/HT214063", "reference_id": "HT214063", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://support.apple.com/kb/HT214063" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/", "reference_id": "M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231013-0005/", "reference_id": "ntap-20231013-0005", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231013-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://www.insyde.com/security-pledge/SA-2023064", "reference_id": "SA-2023064", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://www.insyde.com/security-pledge/SA-2023064" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/", "reference_id": "TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/" }, { "reference_url": "https://usn.ubuntu.com/6363-1/", "reference_id": "USN-6363-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6363-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586888?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586889?format=api", "purl": "pkg:deb/debian/curl@8.3.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.3.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-38039" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bz4u-6rft-s3a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80257?format=api", "vulnerability_id": "VCID-d3s1-3qs7-2uhw", "summary": "curl: Cipher settings shared for all connections when using schannel TLS backed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22897.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73845", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73979", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73971", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.7398", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73855", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.7388", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73851", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73886", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73899", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73921", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73894", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73936", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73945", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73937", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22897" }, { "reference_url": "https://curl.se/docs/CVE-2021-22897.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22897.html" }, { "reference_url": "https://hackerone.com/reports/1172857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1172857" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964904", "reference_id": "1964904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964904" }, { "reference_url": "https://security.archlinux.org/AVG-2016", "reference_id": "AVG-2016", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2016" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22897" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3s1-3qs7-2uhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49281?format=api", "vulnerability_id": "VCID-ej47-4dcu-5fhy", "summary": "Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64478", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64436", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64407", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64442", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64454", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64447", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64467", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.6448", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70143", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00812", "scoring_system": "epss", "scoring_elements": "0.7425", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00812", "scoring_system": "epss", "scoring_elements": "0.74272", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00812", "scoring_system": "epss", "scoring_elements": "0.74203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00812", "scoring_system": "epss", "scoring_elements": "0.74235", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42915" }, { "reference_url": "https://curl.se/docs/CVE-2022-42915.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "https://curl.se/docs/CVE-2022-42915.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1722065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1722065" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jan/19", "reference_id": "19", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jan/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135413", "reference_id": "2135413", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135413" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/", "reference_id": "37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://support.apple.com/kb/HT213604", "reference_id": "HT213604", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "https://support.apple.com/kb/HT213604" }, { "reference_url": "https://support.apple.com/kb/HT213605", "reference_id": "HT213605", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "https://support.apple.com/kb/HT213605" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/", "reference_id": "HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221209-0010/", "reference_id": "ntap-20221209-0010", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/", "reference_id": "Q27V5YYMXUVI6PRZQVECON32XPVWTKDK", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5702-1/", "reference_id": "USN-5702-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5702-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583300?format=api", "purl": "pkg:deb/debian/curl@7.86.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.86.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-42915" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ej47-4dcu-5fhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/164221?format=api", "vulnerability_id": "VCID-hj8v-tgnn-mfdw", "summary": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83089", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.82946", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.82963", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.82976", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.82973", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.82998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83021", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83015", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.8301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83049", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83048", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83051", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83074", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01854", "scoring_system": "epss", "scoring_elements": "0.83082", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9953" }, { "reference_url": "https://curl.se/docs/CVE-2016-9953.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2016-9953.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9953" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj8v-tgnn-mfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79435?format=api", "vulnerability_id": "VCID-hjkx-6yep-mkde", "summary": "curl: removes wrong file on error", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75903", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75845", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75883", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75892", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75796", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75776", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.7582", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75844", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75825", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75818", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75856", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75859", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27778" }, { "reference_url": "https://curl.se/docs/CVE-2022-27778.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-27778.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1553598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1553598" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082194", "reference_id": "2082194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082194" }, { "reference_url": "https://security.archlinux.org/AVG-2706", "reference_id": "AVG-2706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2706" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582920?format=api", "purl": "pkg:deb/debian/curl@7.83.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.83.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-27778" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjkx-6yep-mkde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49261?format=api", "vulnerability_id": "VCID-hudt-78dw-tkf2", "summary": "Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5489", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55017", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5496", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54986", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55006", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62217", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62173", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62194", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62228", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62207", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62224", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62235", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62218", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22925" }, { "reference_url": "https://curl.se/docs/CVE-2021-22925.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22925.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1223882", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "https://hackerone.com/reports/1223882" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970902", "reference_id": "1970902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970902" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/39", "reference_id": "39", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Sep/39" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/40", "reference_id": "40", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Sep/40" }, { "reference_url": "https://security.archlinux.org/ASA-202107-59", "reference_id": "ASA-202107-59", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-59" }, { "reference_url": "https://security.archlinux.org/ASA-202107-60", "reference_id": "ASA-202107-60", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-60" }, { "reference_url": "https://security.archlinux.org/ASA-202107-61", "reference_id": "ASA-202107-61", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-61" }, { "reference_url": "https://security.archlinux.org/ASA-202107-62", "reference_id": "ASA-202107-62", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-62" }, { "reference_url": "https://security.archlinux.org/ASA-202107-63", "reference_id": "ASA-202107-63", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-63" }, { "reference_url": "https://security.archlinux.org/ASA-202107-64", "reference_id": "ASA-202107-64", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-64" }, { "reference_url": "https://security.archlinux.org/AVG-2194", "reference_id": "AVG-2194", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2194" }, { "reference_url": "https://security.archlinux.org/AVG-2195", "reference_id": "AVG-2195", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2195" }, { "reference_url": "https://security.archlinux.org/AVG-2196", "reference_id": "AVG-2196", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2196" }, { "reference_url": "https://security.archlinux.org/AVG-2197", "reference_id": "AVG-2197", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2197" }, { "reference_url": "https://security.archlinux.org/AVG-2198", "reference_id": "AVG-2198", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2198" }, { "reference_url": "https://security.archlinux.org/AVG-2199", "reference_id": "AVG-2199", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2199" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", "reference_id": "FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://support.apple.com/kb/HT212804", "reference_id": "HT212804", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "https://support.apple.com/kb/HT212804" }, { "reference_url": "https://support.apple.com/kb/HT212805", "reference_id": "HT212805", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "https://support.apple.com/kb/HT212805" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210902-0003/", "reference_id": "ntap-20210902-0003", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210902-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4511", "reference_id": "RHSA-2021:4511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4511" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "reference_id": "ssa-484086.pdf", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "reference_url": "https://usn.ubuntu.com/5021-1/", "reference_id": "USN-5021-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5021-1/" }, { "reference_url": "https://usn.ubuntu.com/5021-2/", "reference_id": "USN-5021-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5021-2/" }, { "reference_url": "https://usn.ubuntu.com/5894-1/", "reference_id": "USN-5894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22925" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hudt-78dw-tkf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34708?format=api", "vulnerability_id": "VCID-hyqp-z8hb-fqbt", "summary": "Multiple vulnerabilities have been found in cURL, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9594.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9594.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9594", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77857", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.78", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77864", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77892", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77874", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77901", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77906", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77933", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77916", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77953", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77946", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.7798", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01088", "scoring_system": "epss", "scoring_elements": "0.77987", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9594" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594" }, { "reference_url": "https://curl.haxx.se/docs/adv_20161223.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/" } ], "url": "https://curl.haxx.se/docs/adv_20161223.html" }, { "reference_url": "https://curl.se/docs/CVE-2016-9594.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2016-9594.html" }, { "reference_url": "https://www.tenable.com/security/tns-2017-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/" } ], "url": "https://www.tenable.com/security/tns-2017-04" }, { "reference_url": "http://www.securityfocus.com/bid/95094", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/" } ], "url": "http://www.securityfocus.com/bid/95094" }, { "reference_url": "http://www.securitytracker.com/id/1037528", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/" } ], "url": "http://www.securitytracker.com/id/1037528" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408385", "reference_id": "1408385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408385" }, { "reference_url": "https://security.archlinux.org/ASA-201612-22", "reference_id": "ASA-201612-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-22" }, { "reference_url": "https://security.archlinux.org/ASA-201701-10", "reference_id": "ASA-201701-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-10" }, { "reference_url": "https://security.archlinux.org/ASA-201701-11", "reference_id": "ASA-201701-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-11" }, { "reference_url": "https://security.archlinux.org/ASA-201701-7", "reference_id": "ASA-201701-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-7" }, { "reference_url": "https://security.archlinux.org/ASA-201701-8", "reference_id": "ASA-201701-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-8" }, { "reference_url": "https://security.archlinux.org/ASA-201701-9", "reference_id": "ASA-201701-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-9" }, { "reference_url": "https://security.archlinux.org/AVG-112", "reference_id": "AVG-112", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-112" }, { "reference_url": "https://security.archlinux.org/AVG-113", "reference_id": "AVG-113", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-113" }, { "reference_url": "https://security.archlinux.org/AVG-114", "reference_id": "AVG-114", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-114" }, { "reference_url": "https://security.archlinux.org/AVG-115", "reference_id": "AVG-115", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-115" }, { "reference_url": "https://security.archlinux.org/AVG-116", "reference_id": "AVG-116", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-116" }, { "reference_url": "https://security.archlinux.org/AVG-117", "reference_id": "AVG-117", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-117" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9594", "reference_id": "CVE-2016-9594", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9594" }, { "reference_url": "https://security.gentoo.org/glsa/201701-47", "reference_id": "GLSA-201701-47", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/" } ], "url": "https://security.gentoo.org/glsa/201701-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9594" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyqp-z8hb-fqbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16991?format=api", "vulnerability_id": "VCID-ke81-x2ze-rbc5", "summary": "Double Free\nA double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate \"handles\". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14506", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14539", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14418", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14504", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14558", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1908", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21544", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21741", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21707", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2156", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21554", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24345", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27537" }, { "reference_url": "https://curl.se/docs/CVE-2023-27537.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27537.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1897203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1897203" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179097", "reference_id": "2179097", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179097" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537", "reference_id": "CVE-2023-27537", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584289?format=api", "purl": "pkg:deb/debian/curl@7.88.1-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-27537" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ke81-x2ze-rbc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68002?format=api", "vulnerability_id": "VCID-ksap-zrmb-ebcu", "summary": "curl: predictable WebSocket mask", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10148.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29442", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29742", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29698", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29618", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29504", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30659", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30683", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30714", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30746", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30749", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30704", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10148" }, { "reference_url": "https://curl.se/docs/CVE-2025-10148.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/" } ], "url": "https://curl.se/docs/CVE-2025-10148.html" }, { "reference_url": "https://hackerone.com/reports/3330839", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/" } ], "url": "https://hackerone.com/reports/3330839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394749", "reference_id": "2394749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394749" }, { "reference_url": "https://curl.se/docs/CVE-2025-10148.json", "reference_id": "CVE-2025-10148.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/" } ], "url": "https://curl.se/docs/CVE-2025-10148.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586210?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/921941?format=api", "purl": "pkg:deb/debian/curl@8.16.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.16.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-10148" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksap-zrmb-ebcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97811?format=api", "vulnerability_id": "VCID-kt4b-7ffh-4bch", "summary": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01204", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0129", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01209", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.012", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01212", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01284", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01289", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01294", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01211", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0122", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0123", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01213", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01207", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-13034" }, { "reference_url": "https://curl.se/docs/CVE-2025-13034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/" } ], "url": "https://curl.se/docs/CVE-2025-13034.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426406", "reference_id": "2426406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426406" }, { "reference_url": "https://curl.se/docs/CVE-2025-13034.json", "reference_id": "CVE-2025-13034.json", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/" } ], "url": "https://curl.se/docs/CVE-2025-13034.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/921943?format=api", "purl": "pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.18.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-13034" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kt4b-7ffh-4bch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57266?format=api", "vulnerability_id": "VCID-m15r-v9sr-2bbn", "summary": "Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55044", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55072", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55097", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55073", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55122", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55134", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55114", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55138", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55052", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28319" }, { "reference_url": "https://curl.se/docs/CVE-2023-28319.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28319.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1913733", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://hackerone.com/reports/1913733" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", "reference_id": "2196778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/47", "reference_id": "47", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/48", "reference_id": "48", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/52", "reference_id": "52", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://support.apple.com/kb/HT213843", "reference_id": "HT213843", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://support.apple.com/kb/HT213843" }, { "reference_url": "https://support.apple.com/kb/HT213844", "reference_id": "HT213844", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://support.apple.com/kb/HT213844" }, { "reference_url": "https://support.apple.com/kb/HT213845", "reference_id": "HT213845", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://support.apple.com/kb/HT213845" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230609-0009/", "reference_id": "ntap-20230609-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583792?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-28319" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m15r-v9sr-2bbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134641?format=api", "vulnerability_id": "VCID-m3nh-aha9-dfbc", "summary": "Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \\ (backslash) as a separator of path components within the Content-disposition HTTP header.", "references": [ { "reference_url": "http://curl.haxx.se/docs/adv_20101013.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://curl.haxx.se/docs/adv_20101013.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75731", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.7572", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.7559", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75592", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75623", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75603", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75638", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75649", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75655", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75686", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.7569", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75675", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.75715", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3842" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=642642", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642642" }, { "reference_url": "https://curl.se/docs/CVE-2010-3842.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2010-3842.html" }, { "reference_url": "http://secunia.com/advisories/39532", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/39532" }, { "reference_url": "http://securitytracker.com/id?1024583", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024583" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2010/10/13/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2010/10/13/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2010/10/13/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2010/10/13/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2010/10/13/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2010/10/13/5" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3842", "reference_id": "CVE-2010-3842", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3842" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-3842" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3nh-aha9-dfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/161670?format=api", "vulnerability_id": "VCID-m3r3-25yq-hqdc", "summary": "Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44368", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44439", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44395", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44446", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44453", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.4447", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44438", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44437", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44494", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44415", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01628", "scoring_system": "epss", "scoring_elements": "0.81933", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01628", "scoring_system": "epss", "scoring_elements": "0.81943", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01628", "scoring_system": "epss", "scoring_elements": "0.81948", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4606" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4606" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3r3-25yq-hqdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69458?format=api", "vulnerability_id": "VCID-m5fs-um7r-9qh2", "summary": "curl: libcurl: WebSocket endless loop", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5399.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65424", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65389", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65409", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65396", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65368", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65404", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65415", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65399", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65416", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65427", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65362", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65378", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5399" }, { "reference_url": "https://curl.se/docs/CVE-2025-5399.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T13:20:18Z/" } ], "url": "https://curl.se/docs/CVE-2025-5399.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3168039", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T13:20:18Z/" } ], "url": "https://hackerone.com/reports/3168039" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "reference_id": "2370920", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370920" }, { "reference_url": "https://security.archlinux.org/ASA-202506-2", "reference_id": "ASA-202506-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202506-2" }, { "reference_url": "https://security.archlinux.org/AVG-2895", "reference_id": "AVG-2895", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2895" }, { "reference_url": "https://curl.se/docs/CVE-2025-5399.json", "reference_id": "CVE-2025-5399.json", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T13:20:18Z/" } ], "url": "https://curl.se/docs/CVE-2025-5399.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583707?format=api", "purl": "pkg:deb/debian/curl@8.14.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-5399" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5fs-um7r-9qh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147967?format=api", "vulnerability_id": "VCID-ma8s-he6x-z7a8", "summary": "curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52514", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52452", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52498", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52525", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52491", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52544", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52539", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.5259", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52599", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52605", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52591", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52541", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52551", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2522" }, { "reference_url": "https://curl.se/docs/CVE-2014-2522.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2014-2522.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-2522" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ma8s-he6x-z7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74682?format=api", "vulnerability_id": "VCID-my7a-jeng-5bhw", "summary": "curl: macidn punycode buffer overread", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6874.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76969", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76866", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76877", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76884", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76879", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.7692", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76925", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76917", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76949", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76957", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76826", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76855", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0099", "scoring_system": "epss", "scoring_elements": "0.76835", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6874" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996", "reference_id": "1076996", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/24/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:13:40Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/24/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299654", "reference_id": "2299654", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299654" }, { "reference_url": "https://hackerone.com/reports/2604391", "reference_id": "2604391", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:13:40Z/" } ], "url": "https://hackerone.com/reports/2604391" }, { "reference_url": "https://curl.se/docs/CVE-2024-6874.html", "reference_id": "CVE-2024-6874.html", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:13:40Z/" } ], "url": "https://curl.se/docs/CVE-2024-6874.html" }, { "reference_url": "https://curl.se/docs/CVE-2024-6874.json", "reference_id": "CVE-2024-6874.json", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:13:40Z/" } ], "url": "https://curl.se/docs/CVE-2024-6874.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583078?format=api", "purl": "pkg:deb/debian/curl@8.9.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-6874" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-my7a-jeng-5bhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82462?format=api", "vulnerability_id": "VCID-qpfa-s6sd-8yct", "summary": "curl: Windows OpenSSL engine code injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5443.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76247", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76205", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76186", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76226", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76235", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76359", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76405", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76431", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76404", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76444", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76346", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76392", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.7635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76379", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5443" }, { "reference_url": "https://curl.se/docs/CVE-2019-5443.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2019-5443.html" }, { "reference_url": "https://hackerone.com/reports/608577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/608577" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772100", "reference_id": "1772100", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772100" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5443" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpfa-s6sd-8yct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49280?format=api", "vulnerability_id": "VCID-rg54-svzj-x7f9", "summary": "Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35260.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35260.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.3993", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39957", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41282", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41333", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41341", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41362", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46919", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4687", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48647", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48631", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48632", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48645", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48694", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.4869", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35260" }, { "reference_url": "https://curl.se/docs/CVE-2022-35260.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-35260.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1721098", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/" } ], "url": "https://hackerone.com/reports/1721098" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jan/19", "reference_id": "19", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jan/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135412", "reference_id": "2135412", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135412" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/" } ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://support.apple.com/kb/HT213604", "reference_id": "HT213604", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/" } ], "url": "https://support.apple.com/kb/HT213604" }, { "reference_url": "https://support.apple.com/kb/HT213605", "reference_id": "HT213605", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/" } ], "url": "https://support.apple.com/kb/HT213605" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230110-0006/", "reference_id": "ntap-20230110-0006", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "reference_url": "https://usn.ubuntu.com/5702-1/", "reference_id": "USN-5702-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5702-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583300?format=api", "purl": "pkg:deb/debian/curl@7.86.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.86.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-35260" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rg54-svzj-x7f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49270?format=api", "vulnerability_id": "VCID-rhxh-77pj-1bfy", "summary": "Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36259", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36658", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36632", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36677", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36659", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36599", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36375", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36345", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36748", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36667", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27780" }, { "reference_url": "https://curl.se/docs/CVE-2022-27780.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-27780.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1553841", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T20:10:43Z/" } ], "url": "https://hackerone.com/reports/1553841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082203", "reference_id": "2082203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082203" }, { "reference_url": "https://security.archlinux.org/AVG-2706", "reference_id": "AVG-2706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2706" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T20:10:43Z/" } ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220609-0009/", "reference_id": "ntap-20220609-0009", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T20:10:43Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" }, { "reference_url": "https://usn.ubuntu.com/5412-1/", "reference_id": "USN-5412-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5412-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582920?format=api", "purl": "pkg:deb/debian/curl@7.83.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.83.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-27780" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhxh-77pj-1bfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/158821?format=api", "vulnerability_id": "VCID-snaz-pg1h-8kew", "summary": "cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.", "references": [ { "reference_url": "http://curl.haxx.se/docs/adv_20160127B.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://curl.haxx.se/docs/adv_20160127B.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57494", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57495", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57515", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57423", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57528", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57504", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57556", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.5756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57533", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57561", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57557", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57537", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0754" }, { "reference_url": "https://curl.se/docs/CVE-2016-0754.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2016-0754.html" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0754", "reference_id": "CVE-2016-0754", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0754" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-0754" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snaz-pg1h-8kew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34688?format=api", "vulnerability_id": "VCID-t753-w1ha-kqaz", "summary": "Multiple vulnerabilities have been found in cURL, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8151.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8151.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62245", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62134", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62202", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.6222", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.6221", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62189", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62234", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62241", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62225", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62236", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00424", "scoring_system": "epss", "scoring_elements": "0.62252", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8151" }, { "reference_url": "https://curl.se/docs/CVE-2014-8151.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2014-8151.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178698", "reference_id": "1178698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178698" }, { "reference_url": "https://security.gentoo.org/glsa/201701-47", "reference_id": "GLSA-201701-47", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8151" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t753-w1ha-kqaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97812?format=api", "vulnerability_id": "VCID-t9p4-2x7v-yfaq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56114", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56103", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56112", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56109", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56074", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56091", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56749", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56789", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.5681", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56786", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56838", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56809", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56748", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00341", "scoring_system": "epss", "scoring_elements": "0.56766", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0167" }, { "reference_url": "https://curl.se/docs/CVE-2025-0167.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/" } ], "url": "https://curl.se/docs/CVE-2025-0167.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2917232", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/" } ], "url": "https://hackerone.com/reports/2917232" }, { "reference_url": "https://curl.se/docs/CVE-2025-0167.json", "reference_id": "CVE-2025-0167.json", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/" } ], "url": "https://curl.se/docs/CVE-2025-0167.json" }, { "reference_url": "https://usn.ubuntu.com/8084-1/", "reference_id": "USN-8084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584850?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582847?format=api", "purl": "pkg:deb/debian/curl@8.12.0%2Bgit20250209.89ed161%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.12.0%252Bgit20250209.89ed161%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0167" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9p4-2x7v-yfaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47211?format=api", "vulnerability_id": "VCID-tha5-fv3w-sub6", "summary": "Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74722", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.7469", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74669", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74642", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74765", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74762", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74756", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.7472", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74729", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74685", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74693", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00838", "scoring_system": "epss", "scoring_elements": "0.74713", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2004" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/27/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/27/1" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/18", "reference_id": "18", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/19", "reference_id": "19", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/19" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/20" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500", "reference_id": "2270500", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500" }, { "reference_url": "https://hackerone.com/reports/2384833", "reference_id": "2384833", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://hackerone.com/reports/2384833" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/", "reference_id": "2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/" }, { "reference_url": "https://curl.se/docs/CVE-2024-2004.html", "reference_id": "CVE-2024-2004.html", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://curl.se/docs/CVE-2024-2004.html" }, { "reference_url": "https://curl.se/docs/CVE-2024-2004.json", "reference_id": "CVE-2024-2004.json", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://curl.se/docs/CVE-2024-2004.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/", "reference_id": "GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/" }, { "reference_url": "https://support.apple.com/kb/HT214118", "reference_id": "HT214118", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://support.apple.com/kb/HT214118" }, { "reference_url": "https://support.apple.com/kb/HT214119", "reference_id": "HT214119", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://support.apple.com/kb/HT214119" }, { "reference_url": "https://support.apple.com/kb/HT214120", "reference_id": "HT214120", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://support.apple.com/kb/HT214120" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240524-0006/", "reference_id": "ntap-20240524-0006", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240524-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2693", "reference_id": "RHSA-2024:2693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2694", "reference_id": "RHSA-2024:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2694" }, { "reference_url": "https://usn.ubuntu.com/6718-1/", "reference_id": "USN-6718-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6718-1/" }, { "reference_url": "https://usn.ubuntu.com/6718-3/", "reference_id": "USN-6718-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6718-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584795?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584796?format=api", "purl": "pkg:deb/debian/curl@8.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.7.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-2004" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tha5-fv3w-sub6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84241?format=api", "vulnerability_id": "VCID-u9jp-j1ds-73e7", "summary": "curl: URL file scheme drive letter buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9502.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68058", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.6808", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68099", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68077", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68128", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68167", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68154", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68121", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68157", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.6817", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68152", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68195", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68204", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68208", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9502" }, { "reference_url": "https://curl.se/docs/CVE-2017-9502.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2017-9502.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461321", "reference_id": "1461321", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461321" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-9502" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9jp-j1ds-73e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49273?format=api", "vulnerability_id": "VCID-v9n1-d6xt-6ubn", "summary": "Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30115.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27478", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27713", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27658", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2755", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27925", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27967", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27758", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27867", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27873", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27831", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2778", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27755", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30115" }, { "reference_url": "https://curl.se/docs/CVE-2022-30115.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-30115.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1557449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1557449" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082223", "reference_id": "2082223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082223" }, { "reference_url": "https://security.archlinux.org/AVG-2706", "reference_id": "AVG-2706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2706" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582920?format=api", "purl": "pkg:deb/debian/curl@7.83.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.83.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-30115" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9n1-d6xt-6ubn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/161813?format=api", "vulnerability_id": "VCID-wc8j-qyp4-tqbd", "summary": "Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69897", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69885", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69894", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.6974", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69751", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69767", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69743", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69791", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69807", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.6983", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69842", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69852", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00612", "scoring_system": "epss", "scoring_elements": "0.69833", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4802" }, { "reference_url": "https://curl.haxx.se/docs/adv_20160530.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://curl.haxx.se/docs/adv_20160530.html" }, { "reference_url": "https://curl.se/docs/CVE-2016-4802.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2016-4802.html" }, { "reference_url": "http://www.securityfocus.com/bid/90997", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90997" }, { "reference_url": "http://www.securitytracker.com/id/1036008", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036008" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4802", "reference_id": "CVE-2016-4802", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4802" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc8j-qyp4-tqbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84479?format=api", "vulnerability_id": "VCID-wdhs-h36p-qbga", "summary": "curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2628.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2628.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74503", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74535", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74509", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74541", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74557", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74579", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.7456", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74552", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.7459", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74597", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74589", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74624", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74631", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00831", "scoring_system": "epss", "scoring_elements": "0.74632", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422464", "reference_id": "1422464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0847", "reference_id": "RHSA-2017:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-2628" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdhs-h36p-qbga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72616?format=api", "vulnerability_id": "VCID-wgma-bycg-1qb1", "summary": "curl: curl netrc password leak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11053.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76447", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76388", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76366", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76361", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76402", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76408", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76393", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76427", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76433", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76306", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76336", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76315", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76348", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76362", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11053" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682", "reference_id": "1089682", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191", "reference_id": "2331191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191" }, { "reference_url": "https://hackerone.com/reports/2829063", "reference_id": "2829063", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/" } ], "url": "https://hackerone.com/reports/2829063" }, { "reference_url": "https://curl.se/docs/CVE-2024-11053.html", "reference_id": "CVE-2024-11053.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/" } ], "url": "https://curl.se/docs/CVE-2024-11053.html" }, { "reference_url": "https://curl.se/docs/CVE-2024-11053.json", "reference_id": "CVE-2024-11053.json", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/" } ], "url": "https://curl.se/docs/CVE-2024-11053.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" }, { "reference_url": "https://usn.ubuntu.com/7162-1/", "reference_id": "USN-7162-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7162-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586387?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586388?format=api", "purl": "pkg:deb/debian/curl@8.11.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.11.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-11053" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgma-bycg-1qb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147275?format=api", "vulnerability_id": "VCID-ya9y-nav3-37hh", "summary": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90572", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90519", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90525", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90538", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90544", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90552", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90546", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90563", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90562", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90576", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05846", "scoring_system": "epss", "scoring_elements": "0.90577", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1263" }, { "reference_url": "https://curl.se/docs/CVE-2014-1263.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2014-1263.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582846?format=api", "purl": "pkg:deb/debian/curl@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582363?format=api", "purl": "pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-4e1k-7bj9-hfch" }, { "vulnerability": "VCID-4gze-cwtp-2bgr" }, { "vulnerability": "VCID-4seq-hvbx-7fg8" }, { "vulnerability": "VCID-56wg-yafz-gkgx" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-ddgz-rczw-jqfw" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-pwn6-j8vf-rufk" }, { "vulnerability": "VCID-qbpd-star-6fgn" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-xpss-yndr-mycj" }, { "vulnerability": "VCID-yaas-j3qk-kfdg" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582364?format=api", "purl": "pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-2szj-xvgq-pkfr" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-6we4-n888-6qhe" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-ksap-zrmb-ebcu" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582365?format=api", "purl": "pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cx5-1qnw-uufj" }, { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-5xp7-mcsa-uqd4" }, { "vulnerability": "VCID-8zks-th64-33b8" }, { "vulnerability": "VCID-amgy-dw6h-6ydf" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-etzn-uhck-h7b2" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-kt4b-7ffh-4bch" }, { "vulnerability": "VCID-mkyr-w79c-qqfz" }, { "vulnerability": "VCID-nvzd-v3bs-6qek" }, { "vulnerability": "VCID-qpux-jh6k-8qhx" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-vbbv-k1r7-kkas" }, { "vulnerability": "VCID-x57x-w8g8-7ybz" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582366?format=api", "purl": "pkg:deb/debian/curl@8.19.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582367?format=api", "purl": "pkg:deb/debian/curl@8.19.0-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3qck-hm3c-tqaq" }, { "vulnerability": "VCID-bgdk-ebn7-eycn" }, { "vulnerability": "VCID-g4jw-azg9-gqbs" }, { "vulnerability": "VCID-hayq-ra35-myf3" }, { "vulnerability": "VCID-rsgn-r3yp-nkb6" }, { "vulnerability": "VCID-sshs-1k6e-cqer" }, { "vulnerability": "VCID-ydcp-ufa5-rqhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067521?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077418?format=api", "purl": "pkg:deb/debian/curl@8.20.0~rc3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088654?format=api", "purl": "pkg:deb/debian/curl@8.20.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-1263" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ya9y-nav3-37hh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie" }