Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/lxc@1:1.0.6-6%2Bdeb8u6

Type deb

Namespace debian

Name lxc

Version 1:1.0.6-6+deb8u6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1:5.0.2-1+deb12u4

Latest_non_vulnerable_version 1:5.0.2-1+deb12u4

Affected_by_vulnerabilities

url VCID-2j8j-mhxb-mfek

vulnerability_id VCID-2j8j-mhxb-mfek

summary lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8649

reference_id

reference_type

scores

value	0.02154
scoring_system	epss
scoring_elements	0.84573
published_at	2026-06-04T12:55:00Z

value	0.02154
scoring_system	epss
scoring_elements	0.84598
published_at	2026-06-07T12:55:00Z

value	0.02154
scoring_system	epss
scoring_elements	0.84602
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8649

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8649
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8649

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:C/I:C/A:C

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465
reference_id	845465
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465

reference_url	https://usn.ubuntu.com/3136-1/
reference_id	USN-3136-1
reference_type
scores
url	https://usn.ubuntu.com/3136-1/

fixed_packages

url pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

purl pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

vulnerability	VCID-9h9s-bb82-ukc9

vulnerability	VCID-pgtn-33ad-yuem

vulnerability	VCID-tgpj-4n6x-fqf4

vulnerability	VCID-yakr-ygsz-xqc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:2.0.7-2~bpo8%252B1

aliases CVE-2016-8649

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2j8j-mhxb-mfek

url VCID-2thf-rghr-27b7

vulnerability_id VCID-2thf-rghr-27b7

summary attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1334

reference_id

reference_type

scores

value	0.00101
scoring_system	epss
scoring_elements	0.27445
published_at	2026-06-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27512
published_at	2026-06-05T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27461
published_at	2026-06-06T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27423
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1334

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1334
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1334

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793298
reference_id	793298
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793298

reference_url	https://usn.ubuntu.com/2675-1/
reference_id	USN-2675-1
reference_type
scores
url	https://usn.ubuntu.com/2675-1/

fixed_packages

url pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

purl pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

vulnerability	VCID-9h9s-bb82-ukc9

vulnerability	VCID-pgtn-33ad-yuem

vulnerability	VCID-tgpj-4n6x-fqf4

vulnerability	VCID-yakr-ygsz-xqc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:2.0.7-2~bpo8%252B1

aliases CVE-2015-1334

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2thf-rghr-27b7

url VCID-2yb6-xgkm-tqfd

vulnerability_id VCID-2yb6-xgkm-tqfd

summary lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1331

reference_id

reference_type

scores

value	0.00048
scoring_system	epss
scoring_elements	0.15379
published_at	2026-06-04T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15464
published_at	2026-06-05T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15455
published_at	2026-06-06T12:55:00Z

value	0.00048
scoring_system	epss
scoring_elements	0.15414
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1331
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1334
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1334

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793298
reference_id	793298
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793298

reference_url	https://usn.ubuntu.com/2675-1/
reference_id	USN-2675-1
reference_type
scores
url	https://usn.ubuntu.com/2675-1/

fixed_packages

url pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

purl pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

vulnerability	VCID-9h9s-bb82-ukc9

vulnerability	VCID-pgtn-33ad-yuem

vulnerability	VCID-tgpj-4n6x-fqf4

vulnerability	VCID-yakr-ygsz-xqc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:2.0.7-2~bpo8%252B1

aliases CVE-2015-1331

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yb6-xgkm-tqfd

url VCID-3zpj-e8nk-ekh9

vulnerability_id VCID-3zpj-e8nk-ekh9

summary lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47952

reference_id

reference_type

scores

value	0.02322
scoring_system	epss
scoring_elements	0.85096
published_at	2026-06-04T12:55:00Z

value	0.02322
scoring_system	epss
scoring_elements	0.8512
published_at	2026-06-05T12:55:00Z

value	0.02322
scoring_system	epss
scoring_elements	0.85124
published_at	2026-06-06T12:55:00Z

value	0.02322
scoring_system	epss
scoring_elements	0.85119
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47952

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:15:58Z/

url

https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45

reference_url

https://github.com/MaherAzzouzi/CVE-2022-47952

reference_id

CVE-2022-47952

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:15:58Z/

url

https://github.com/MaherAzzouzi/CVE-2022-47952

reference_url

https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274

reference_id

lxc.spec.in#L274

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:15:58Z/

url

https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274

reference_url

https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104

reference_id

lxc_user_nic.c#L1085-L1104

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:15:58Z/

url

https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html

reference_id

msg00025.html

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:15:58Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html

fixed_packages

url pkg:deb/debian/lxc@1:4.0.6-2%2Bdeb11u2

purl pkg:deb/debian/lxc@1:4.0.6-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nxee-5unk-sbd7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:4.0.6-2%252Bdeb11u2

aliases CVE-2022-47952

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zpj-e8nk-ekh9

url VCID-8m2a-qvrd-1yfn

vulnerability_id VCID-8m2a-qvrd-1yfn

summary lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1335

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29187
published_at	2026-06-04T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29257
published_at	2026-06-05T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29224
published_at	2026-06-06T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29189
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1335

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800471
reference_id	800471
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800471

reference_url	https://usn.ubuntu.com/2753-1/
reference_id	USN-2753-1
reference_type
scores
url	https://usn.ubuntu.com/2753-1/

fixed_packages

url pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

purl pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

vulnerability	VCID-9h9s-bb82-ukc9

vulnerability	VCID-pgtn-33ad-yuem

vulnerability	VCID-tgpj-4n6x-fqf4

vulnerability	VCID-yakr-ygsz-xqc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:2.0.7-2~bpo8%252B1

aliases CVE-2015-1335

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m2a-qvrd-1yfn

url VCID-9h9s-bb82-ukc9

vulnerability_id VCID-9h9s-bb82-ukc9

summary In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18641

reference_id

reference_type

scores

value	0.00346
scoring_system	epss
scoring_elements	0.57361
published_at	2026-06-04T12:55:00Z

value	0.00346
scoring_system	epss
scoring_elements	0.57414
published_at	2026-06-05T12:55:00Z

value	0.00346
scoring_system	epss
scoring_elements	0.57423
published_at	2026-06-06T12:55:00Z

value	0.00346
scoring_system	epss
scoring_elements	0.57412
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18641

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988730
reference_id	988730
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988730

fixed_packages

url pkg:deb/debian/lxc@1:3.1.0%2Breally3.0.3-8

purl pkg:deb/debian/lxc@1:3.1.0%2Breally3.0.3-8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:3.1.0%252Breally3.0.3-8

aliases CVE-2017-18641

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9h9s-bb82-ukc9

url VCID-krtx-dz6u-3ycx

vulnerability_id VCID-krtx-dz6u-3ycx

summary An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10124

reference_id

reference_type

scores

value	0.00219
scoring_system	epss
scoring_elements	0.44508
published_at	2026-06-04T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44577
published_at	2026-06-05T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44585
published_at	2026-06-06T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44563
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10124

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10124
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10124

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.gentoo.org/glsa/201711-09
reference_id	GLSA-201711-09
reference_type
scores
url	https://security.gentoo.org/glsa/201711-09

reference_url	https://usn.ubuntu.com/3375-1/
reference_id	USN-3375-1
reference_type
scores
url	https://usn.ubuntu.com/3375-1/

fixed_packages

url pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

purl pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

vulnerability	VCID-9h9s-bb82-ukc9

vulnerability	VCID-pgtn-33ad-yuem

vulnerability	VCID-tgpj-4n6x-fqf4

vulnerability	VCID-yakr-ygsz-xqc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:2.0.7-2~bpo8%252B1

aliases CVE-2016-10124

risk_score 1.1

exploitability 0.5

weighted_severity 2.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-krtx-dz6u-3ycx

url VCID-pgtn-33ad-yuem

vulnerability_id VCID-pgtn-33ad-yuem

summary lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5985

reference_id

reference_type

scores

value	0.0009
scoring_system	epss
scoring_elements	0.25567
published_at	2026-06-04T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25668
published_at	2026-06-05T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25659
published_at	2026-06-06T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25612
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5985

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5985
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5985

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857295
reference_id	857295
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857295

reference_url	https://security.archlinux.org/ASA-201705-17
reference_id	ASA-201705-17
reference_type
scores
url	https://security.archlinux.org/ASA-201705-17

reference_url

https://security.archlinux.org/AVG-204

reference_id

AVG-204

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-204

reference_url	https://usn.ubuntu.com/3224-1/
reference_id	USN-3224-1
reference_type
scores
url	https://usn.ubuntu.com/3224-1/

fixed_packages

url pkg:deb/debian/lxc@1:2.0.7-2%2Bdeb9u2

purl pkg:deb/debian/lxc@1:2.0.7-2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

vulnerability	VCID-9h9s-bb82-ukc9

vulnerability	VCID-tgpj-4n6x-fqf4

vulnerability	VCID-yakr-ygsz-xqc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:2.0.7-2%252Bdeb9u2

aliases CVE-2017-5985

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgtn-33ad-yuem

url VCID-tgpj-4n6x-fqf4

vulnerability_id VCID-tgpj-4n6x-fqf4

summary privilege escalation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5736.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5736.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5736

reference_id

reference_type

scores

value	0.59178
scoring_system	epss
scoring_elements	0.9827
published_at	2026-06-06T12:55:00Z

value	0.59178
scoring_system	epss
scoring_elements	0.98266
published_at	2026-06-04T12:55:00Z

value	0.59178
scoring_system	epss
scoring_elements	0.98269
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5736

reference_url	https://bugzilla.suse.com/show_bug.cgi?id=1121967
reference_id
reference_type
scores
url	https://bugzilla.suse.com/show_bug.cgi?id=1121967

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/docker/docker-ce/releases/tag/v18.09.2
reference_id
reference_type
scores
url	https://github.com/docker/docker-ce/releases/tag/v18.09.2

reference_url	https://www.exploit-db.com/exploits/46359/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/46359/

reference_url	https://www.exploit-db.com/exploits/46369/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/46369/

reference_url	http://www.securityfocus.com/bid/106976
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106976

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1664908
reference_id	1664908
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1664908

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922050
reference_id	922050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922050

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922169
reference_id	922169
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922169

reference_url	https://security.archlinux.org/ASA-201902-20
reference_id	ASA-201902-20
reference_type
scores
url	https://security.archlinux.org/ASA-201902-20

reference_url	https://security.archlinux.org/ASA-201902-6
reference_id	ASA-201902-6
reference_type
scores
url	https://security.archlinux.org/ASA-201902-6

reference_url

https://security.archlinux.org/AVG-878

reference_id

AVG-878

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-878

reference_url

https://security.archlinux.org/AVG-880

reference_id

AVG-880

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-880

reference_url

https://security.archlinux.org/AVG-892

reference_id

AVG-892

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-892

reference_url

https://security.archlinux.org/AVG-893

reference_id

AVG-893

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-893

reference_url

https://security.archlinux.org/AVG-895

reference_id

AVG-895

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-895

reference_url	https://github.com/feexd/pocs/tree/a5aac58e0935a505c034b5f9e6cf35c1fc67471d/CVE-2019-5736
reference_id	CVE-2019-5736
reference_type	exploit
scores
url	https://github.com/feexd/pocs/tree/a5aac58e0935a505c034b5f9e6cf35c1fc67471d/CVE-2019-5736

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46359.md
reference_id	CVE-2019-5736
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46359.md

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46369.md
reference_id	CVE-2019-5736
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46369.md

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-5736
reference_id	CVE-2019-5736
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-5736

reference_url	https://www.openwall.com/lists/oss-security/2019/02/13/3
reference_id	CVE-2019-5736
reference_type	exploit
scores
url	https://www.openwall.com/lists/oss-security/2019/02/13/3

reference_url	https://access.redhat.com/errata/RHSA-2019:0303
reference_id	RHSA-2019:0303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0303

reference_url	https://access.redhat.com/errata/RHSA-2019:0304
reference_id	RHSA-2019:0304
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0304

reference_url	https://access.redhat.com/errata/RHSA-2019:0401
reference_id	RHSA-2019:0401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0401

reference_url	https://access.redhat.com/errata/RHSA-2019:0408
reference_id	RHSA-2019:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0408

reference_url	https://access.redhat.com/errata/RHSA-2019:0975
reference_id	RHSA-2019:0975
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0975

reference_url	https://usn.ubuntu.com/4048-1/
reference_id	USN-4048-1
reference_type
scores
url	https://usn.ubuntu.com/4048-1/

fixed_packages

url pkg:deb/debian/lxc@1:3.1.0%2Breally3.0.3-8

purl pkg:deb/debian/lxc@1:3.1.0%2Breally3.0.3-8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:3.1.0%252Breally3.0.3-8

aliases CVE-2019-5736

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgpj-4n6x-fqf4

url VCID-yakr-ygsz-xqc1

vulnerability_id VCID-yakr-ygsz-xqc1

summary arbitrary filesystem access

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-6556

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.20603
published_at	2026-06-04T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20677
published_at	2026-06-05T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20661
published_at	2026-06-06T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20619
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-6556

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6556

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905586
reference_id	905586
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905586

reference_url

https://security.archlinux.org/AVG-754

reference_id

AVG-754

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-754

reference_url	https://security.gentoo.org/glsa/201808-02
reference_id	GLSA-201808-02
reference_type
scores
url	https://security.gentoo.org/glsa/201808-02

reference_url	https://usn.ubuntu.com/3730-1/
reference_id	USN-3730-1
reference_type
scores
url	https://usn.ubuntu.com/3730-1/

fixed_packages

url pkg:deb/debian/lxc@1:3.1.0%2Breally3.0.3-8

purl pkg:deb/debian/lxc@1:3.1.0%2Breally3.0.3-8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:3.1.0%252Breally3.0.3-8

aliases CVE-2018-6556

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yakr-ygsz-xqc1

Fixing_vulnerabilities

url VCID-8m2a-qvrd-1yfn

vulnerability_id VCID-8m2a-qvrd-1yfn

summary lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1335

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29187
published_at	2026-06-04T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29257
published_at	2026-06-05T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29224
published_at	2026-06-06T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29189
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1335

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800471
reference_id	800471
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800471

reference_url	https://usn.ubuntu.com/2753-1/
reference_id	USN-2753-1
reference_type
scores
url	https://usn.ubuntu.com/2753-1/

fixed_packages

url pkg:deb/debian/lxc@1:1.0.6-6%2Bdeb8u6

purl pkg:deb/debian/lxc@1:1.0.6-6%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j8j-mhxb-mfek

vulnerability	VCID-2thf-rghr-27b7

vulnerability	VCID-2yb6-xgkm-tqfd

vulnerability	VCID-3zpj-e8nk-ekh9

vulnerability	VCID-8m2a-qvrd-1yfn

vulnerability	VCID-9h9s-bb82-ukc9

vulnerability	VCID-krtx-dz6u-3ycx

vulnerability	VCID-pgtn-33ad-yuem

vulnerability	VCID-tgpj-4n6x-fqf4

vulnerability	VCID-yakr-ygsz-xqc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:1.0.6-6%252Bdeb8u6

url pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

purl pkg:deb/debian/lxc@1:2.0.7-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3zpj-e8nk-ekh9

vulnerability	VCID-9h9s-bb82-ukc9

vulnerability	VCID-pgtn-33ad-yuem

vulnerability	VCID-tgpj-4n6x-fqf4

vulnerability	VCID-yakr-ygsz-xqc1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:2.0.7-2~bpo8%252B1

aliases CVE-2015-1335

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m2a-qvrd-1yfn

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxc@1:1.0.6-6%252Bdeb8u6

Package Instance