Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye

Type deb

Namespace debian

Name mcollective

Version 2.12.5+dfsg-1

Qualifiers

distro	bullseye

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.12.5+dfsg-1.1

Latest_non_vulnerable_version 2.12.5+dfsg-1.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6raq-jq1v-cyde

vulnerability_id VCID-6raq-jq1v-cyde

summary

Two vulnerabilities have been found in MCollective, the worst of
    which could lead to privilege escalation.

references

reference_url	http://puppetlabs.com/security/cve/cve-2014-3251
reference_id
reference_type
scores
url	http://puppetlabs.com/security/cve/cve-2014-3251

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3251.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3251.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3251

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07556
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07324
published_at	2026-04-01T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07436
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07478
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0746
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07517
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0754
published_at	2026-04-09T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07542
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07528
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07515
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07437
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07427
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3251

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3251
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3251

reference_url	http://secunia.com/advisories/59356
reference_id
reference_type
scores
url	http://secunia.com/advisories/59356

reference_url	http://secunia.com/advisories/60066
reference_id
reference_type
scores
url	http://secunia.com/advisories/60066

reference_url	http://www.osvdb.org/109257
reference_id
reference_type
scores
url	http://www.osvdb.org/109257

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1105713
reference_id	1105713
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1105713

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758701
reference_id	758701
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758701

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:mcollective:-:::::::*
reference_id	cpe:2.3:a:puppetlabs:mcollective:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:mcollective:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise::::::::
reference_id	cpe:2.3:a:puppet:puppet_enterprise::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3251

reference_id

CVE-2014-3251

reference_type

scores

value	4.4
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3251

reference_url	https://security.gentoo.org/glsa/201412-15
reference_id	GLSA-201412-15
reference_type
scores
url	https://security.gentoo.org/glsa/201412-15

fixed_packages

url	pkg:deb/debian/mcollective@2.6.0%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.6.0%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.6.0%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1.1%3Fdistro=bullseye

aliases CVE-2014-3251

risk_score 2.0

exploitability 0.5

weighted_severity 4.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6raq-jq1v-cyde

url VCID-7ypq-wmb7-quhc

vulnerability_id VCID-7ypq-wmb7-quhc

summary

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3248

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22432
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22379
published_at	2026-04-21T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22429
published_at	2026-04-18T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37409
published_at	2026-04-02T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37243
published_at	2026-04-01T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37433
published_at	2026-04-04T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37261
published_at	2026-04-07T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37312
published_at	2026-04-08T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37325
published_at	2026-04-09T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37336
published_at	2026-04-11T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37302
published_at	2026-04-12T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37274
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3248

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248

reference_url	http://secunia.com/advisories/59197
reference_id
reference_type
scores
url	http://secunia.com/advisories/59197

reference_url	http://secunia.com/advisories/59200
reference_id
reference_type
scores
url	http://secunia.com/advisories/59200

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml

reference_url

https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035

reference_url

https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet

reference_url

https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248

reference_url	http://www.securityfocus.com/bid/68035
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/68035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1101346
reference_id	1101346
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1101346

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4::::::
reference_id	cpe:2.3:a:puppet:facter:2.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera::::::::
reference_id	cpe:2.3:a:puppet:hiera::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter::::::::
reference_id	cpe:2.3:a:puppetlabs:facter::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective::::::::
reference_id	cpe:2.3:a:puppet:marionette_collective::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet::::::::
reference_id	cpe:2.3:a:puppet:puppet::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise::::::::
reference_id	cpe:2.3:a:puppet:puppet_enterprise::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise::::::::

reference_url	http://puppetlabs.com/security/cve/cve-2014-3248
reference_id	CVE-2014-3248
reference_type
scores
url	http://puppetlabs.com/security/cve/cve-2014-3248

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3248

reference_id

CVE-2014-3248

reference_type

scores

value	6.2
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:N/C:C/I:C/A:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3248

reference_url	http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
reference_id	CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET
reference_type
scores
url	http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/

reference_url	https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/
reference_id	CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET
reference_type
scores
url	https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/

reference_url

https://github.com/advisories/GHSA-92v7-pq4h-58j5

reference_id

GHSA-92v7-pq4h-58j5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-92v7-pq4h-58j5

reference_url	https://security.gentoo.org/glsa/201412-15
reference_id	GLSA-201412-15
reference_type
scores
url	https://security.gentoo.org/glsa/201412-15

reference_url	https://security.gentoo.org/glsa/201412-45
reference_id	GLSA-201412-45
reference_type
scores
url	https://security.gentoo.org/glsa/201412-45

reference_url	https://usn.ubuntu.com/3308-1/
reference_id	USN-3308-1
reference_type
scores
url	https://usn.ubuntu.com/3308-1/

fixed_packages

url	pkg:deb/debian/mcollective@2.5.2%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.5.2%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.5.2%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1.1%3Fdistro=bullseye

aliases CVE-2014-3248, GHSA-92v7-pq4h-58j5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ypq-wmb7-quhc

url VCID-casd-wvax-8yde

vulnerability_id VCID-casd-wvax-8yde

summary mcollective: Improper validation of fields in MCollective pings

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2788.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2788.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2788

reference_id

reference_type

scores

value	0.01957
scoring_system	epss
scoring_elements	0.8342
published_at	2026-04-01T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83433
published_at	2026-04-02T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83447
published_at	2026-04-04T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83446
published_at	2026-04-07T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83471
published_at	2026-04-08T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.8348
published_at	2026-04-09T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83495
published_at	2026-04-11T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83488
published_at	2026-04-12T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83484
published_at	2026-04-13T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.8352
published_at	2026-04-16T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83521
published_at	2026-04-18T12:55:00Z

value	0.01957
scoring_system	epss
scoring_elements	0.83522
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2788

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2788
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2788

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1365799
reference_id	1365799
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1365799

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850968
reference_id	850968
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850968

fixed_packages

url	pkg:deb/debian/mcollective@2.12.0%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.0%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.0%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1.1%3Fdistro=bullseye

aliases CVE-2016-2788

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-casd-wvax-8yde

url VCID-e88t-j5b4-s7ba

vulnerability_id VCID-e88t-j5b4-s7ba

summary

A vulnerability in MCollective might allow remote attackers to
    execute arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2292.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2292.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2292

reference_id

reference_type

scores

value	0.01805
scoring_system	epss
scoring_elements	0.82748
published_at	2026-04-01T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82764
published_at	2026-04-02T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82778
published_at	2026-04-04T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82775
published_at	2026-04-07T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82801
published_at	2026-04-08T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82807
published_at	2026-04-09T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82824
published_at	2026-04-11T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82819
published_at	2026-04-12T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82814
published_at	2026-04-13T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82853
published_at	2026-04-16T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82852
published_at	2026-04-18T12:55:00Z

value	0.01805
scoring_system	epss
scoring_elements	0.82855
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2292

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2292
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2292

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1470086
reference_id	1470086
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1470086

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866711
reference_id	866711
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866711

reference_url	https://security.gentoo.org/glsa/201709-01
reference_id	GLSA-201709-01
reference_type
scores
url	https://security.gentoo.org/glsa/201709-01

fixed_packages

url	pkg:deb/debian/mcollective@2.12.0%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.0%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.0%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1.1%3Fdistro=bullseye

aliases CVE-2017-2292

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e88t-j5b4-s7ba

url VCID-m57c-zm42-rqh9

vulnerability_id VCID-m57c-zm42-rqh9

summary mcollective: world readable client config

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0164.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0164

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10955
published_at	2026-04-01T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11092
published_at	2026-04-02T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11154
published_at	2026-04-04T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.10976
published_at	2026-04-07T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11053
published_at	2026-04-08T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11107
published_at	2026-04-09T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11111
published_at	2026-04-11T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11079
published_at	2026-04-12T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11056
published_at	2026-04-13T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1091
published_at	2026-04-16T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1092
published_at	2026-04-18T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.1104
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0164

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1083847
reference_id	1083847
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1083847

reference_url	https://access.redhat.com/errata/RHSA-2014:0460
reference_id	RHSA-2014:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0460

reference_url	https://access.redhat.com/errata/RHSA-2014:0461
reference_id	RHSA-2014:0461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0461

fixed_packages

url	pkg:deb/debian/mcollective@1.2.1%2Bdfsg-2?distro=bullseye
purl	pkg:deb/debian/mcollective@1.2.1%2Bdfsg-2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@1.2.1%252Bdfsg-2%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1.1%3Fdistro=bullseye

aliases CVE-2014-0164

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m57c-zm42-rqh9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1%3Fdistro=bullseye

Package Instance