Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
Typedeb
Namespacedebian
Namephp-phpseclib
Version2.0.52-1
Qualifiers
distro trixie
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.53-1
Latest_non_vulnerable_version2.0.53-1
Affected_by_vulnerabilities
0
url VCID-hnn9-wcwe-ffa5
vulnerability_id VCID-hnn9-wcwe-ffa5
summary 
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
# phpseclib SSH2: Variable-time comparison in HMAC verification

## Summary

`phpseclib\Net\SSH2::get_binary_packet()` uses PHP's `!=` operator to compare a received SSH packet HMAC against the locally computed HMAC. `!=` on equal-length binary strings in PHP uses `memcmp()`, which short-circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks.

The finding is **Low severity (defense-in-depth)**, not Critical. Practical exploitation over the network is prevented by SSH's disconnect-on-MAC-failure behavior combined with per-connection session keys. The fix is a one-liner: replace `!=` with `hash_equals()`, which the codebase already uses in 9 other places.

- **Target:** `phpseclib/phpseclib`
- **File:** `phpseclib/Net/SSH2.php`
- **Lines (master `e819a163c`):** 3405 and 3410
- **CWE:** CWE-208 (Observable Timing Discrepancy)
- **CVSS v3.1:** 3.7 — `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N`
- **Severity:** Low (cryptographic hygiene / defense-in-depth)
- **Affected branches:** `master`, `3.0`, `2.0`, `1.0` (all supported versions)

## Root cause

`phpseclib/Net/SSH2.php` lines 3399-3415 (master at `e819a163c`):

```php
if ($this->hmac_check instanceof Hash) {
    $reconstructed = !$this->hmac_check_etm ?
        pack('Na*', $packet->packet_length, $packet->plain) :
        substr($packet->raw, 0, -$this->hmac_size);
    if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
        $this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no));
        if ($hmac != $this->hmac_check->hash($reconstructed)) {                     // <-- line 3405
            $this->disconnect_helper(DisconnectReason::MAC_ERROR);
            throw new ConnectionClosedException('Invalid UMAC');
        }
    } else {
        if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) {  // <-- line 3410
            $this->disconnect_helper(DisconnectReason::MAC_ERROR);
            throw new ConnectionClosedException('Invalid HMAC');
        }
    }
}
```

Both `$hmac` (read from the socket via `Strings::pop($raw, $this->hmac_size)` at line 3348) and the computed hash are equal-length binary strings. PHP's `!=` operator on equal-length strings dispatches to `zend_binary_strcmp()` which internally calls `memcmp()`. Modern libc `memcmp` short-circuits on the first differing byte, producing a timing signal that scales linearly with the number of matching leading bytes.

### The same bug exists on every supported branch

| Branch | File | Line(s) | Expression |
|---|---|---|---|
| `master` (@ `e819a163c`) | `phpseclib/Net/SSH2.php` | 3405, 3410 | `$hmac != $this->hmac_check->hash(...)` |
| `3.0` | `phpseclib/Net/SSH2.php` | 3741, 3746 | `$hmac != $this->hmac_check->hash(...)` |
| `2.0` | `phpseclib/Net/SSH2.php` | 3796 | `$hmac != $this->hmac_check->hash(...)` |
| `1.0` | `phpseclib/Net/SSH2.php` | 3810 | `$hmac != $this->hmac_check->hash(...)` |

Verified with `git show <branch>:phpseclib/Net/SSH2.php`.

### Reachability

The HMAC verification path at lines 3399-3415 is reached on **every received SSH packet** when the negotiated cipher is not AEAD — i.e., any of:

- `aes128-cbc`, `aes192-cbc`, `aes256-cbc`
- `aes128-ctr`, `aes192-ctr`, `aes256-ctr`
- `3des-cbc`, `3des-ctr`
- `blowfish-cbc`, `blowfish-ctr`
- `twofish-*-cbc`, `twofish-*-ctr`
- `arcfour`, `arcfour128`, `arcfour256`

combined with any non-AEAD MAC (hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, umac-64, umac-128, and their -etm variants — full list at `getSupportedMACAlgorithms()` around line 4754).

AEAD ciphers (`aes128-gcm@openssh.com`, `aes256-gcm@openssh.com`, `chacha20-poly1305@openssh.com`) go through a different path (lines 3353-3381) and do not reach the `!=` comparison — their authentication tag is checked inside the AEAD implementation.

`$this->hmac_check` is set during key exchange at `SSH2.php:1812`:

```php
if (!$this->decrypt->usesNonce()) {
    [$this->hmac_check, $checkKeyLength] = self::mac_algorithm_to_hash_instance($mac_algorithm_in);
    $this->hmac_size = $this->hmac_check->getLengthInBytes();
}
```

So any SSH2 client session negotiating a non-AEAD cipher exercises the vulnerable code path starting from the first post-KEX packet.

### Contrast with existing code that does the right thing

`hash_equals()` is already used in 9 other places in the phpseclib codebase, proving the maintainer knows the pattern:

```
phpseclib/File/CMS/DigestedData.php:186
phpseclib/File/CMS/SignedData/Signer.php:294
phpseclib/File/CMS/SignedData/Signer.php:406
phpseclib/Crypt/Common/Formats/Keys/PuTTY.php:236
phpseclib/Crypt/RSA/PublicKey.php:98, 105, 188, 229
phpseclib/Crypt/RSA/PrivateKey.php:386
```

The SSH2 MAC comparison is the one place it was missed.

## Proof of concept

All scripts under `poc/`. They prove three things:
1. PHP's `!=` on equal-length binary strings IS variable-time and short-circuits.
2. `hash_equals()` is constant-time over the same inputs.
3. Applied to 32-byte HMAC-SHA256 values as produced by phpseclib's `Crypt\Hash` class, the code path at `SSH2.php:3405/3410` leaks ~2-14 ns of signal per comparison.

### PoC 1: baseline measurement (`poc/01_verify_variable_time.php`)

Measures `!=` vs `hash_equals()` on 32-byte strings with first-byte vs last-byte mismatch. 500,000 iterations each, trimmed mean, Welch's t-test.

Representative output (PHP 8.3.6 on Linux x86_64):

```
=== PHP != operator vs hash_equals() on 32-byte strings ===
Iterations: 500000

!= first-byte mismatch: median=40 p25=40 p75=50 tmean=44.3
!= last-byte mismatch:  median=50 p25=40 p75=50 tmean=46.4
Gap (last - first):     tmean_delta=2.1 ns

hash_equals first-byte: median=110 tmean=112.7
hash_equals last-byte:  median=111 tmean=114.9
Gap (last - first):     tmean_delta=2.2 ns
```

The 32-byte delta is small (~2 ns) and lives in the noise. This alone doesn't prove variable-time behavior. PoC 2 does.

### PoC 2: scaling test (`poc/02_scaling_test.php`)

The decisive test. If `!=` is truly constant-time, timing should not depend on mismatch position. If it short-circuits, timing should scale linearly with prefix length. Test strings from 32 bytes to 4096 bytes.

```
Length  32 bytes: range (first-last byte mismatch) =   1.72 ns
Length  64 bytes: range                            =   2.42 ns
Length 128 bytes: range                            =   8.33 ns
Length 256 bytes: range                            =  16.91 ns
Length 512 bytes: range                            =  38.89 ns
Length 1024 bytes: range                           =  81.16 ns
Length 4096 bytes: range                           = 284.26 ns
```

**This is monotone, linear scaling.** Confirmed variable-time: `!=` short-circuits. Per-byte delta ≈ 0.089 ns/byte (4096 bytes → ~284 ns → 284/4096 ≈ 0.069 ns/byte after accounting for the fixed call overhead).

### PoC 3: contrast with `hash_equals()` (`poc/03_hash_equals_scaling.php`)

Same test, `!=` vs `hash_equals()` on 1024-byte strings:

```
Mismatch pos         | != tmean (ns)        | hash_equals tmean
----------------------------------------------------------------------
byte    0            |    83.72 (sd  4.79) |   873.78 (sd 100.71)
byte  128            |    98.48 (sd  8.27) |   855.10 (sd 87.50)
byte  256            |   103.36 (sd  7.01) |   869.21 (sd 89.61)
byte  512            |   125.65 (sd 10.07) |   879.74 (sd 81.82)
byte  768            |   145.73 (sd  9.96) |   848.59 (sd 84.34)
byte 1023            |   175.33 (sd 14.31) |   852.24 (sd 85.81)

!= range (last - first):          91.62 ns
hash_equals range (last - first): 31.15 ns
```

`!=` monotonically increases with mismatch position. `hash_equals` is flat; the 31 ns range is measurement jitter (sd ≈ 90 ns > range).

Per-byte delta from this run: 91.62 / 1023 ≈ 0.089 ns/byte. Extrapolated to 32-byte HMAC: ~2.86 ns total signal between first-byte-diff and last-byte-diff.

### PoC 4: end-to-end with phpseclib's Hash class (`poc/04_phpseclib_in_context.php`)

Uses `phpseclib4\Crypt\Hash` (the exact class bound to `$this->hmac_check`) to compute a real HMAC-SHA-256, then executes the exact expression `$hmac != $this->hmac_check->hash(...)` from SSH2.php:3410:

```
Using != (SSH2.php:3405,3410 pattern):
  first-byte mismatch: 44.33 ns
  last-byte mismatch:  58.19 ns
  Δ (last - first):    13.86 ns  <-- timing leak signal

Using hash_equals() (the fix):
  first-byte mismatch: 113.67 ns
  last-byte mismatch:  112.93 ns
  Δ (last - first):    -0.74 ns  <-- should be flat (noise)
```

The 13.86 ns vs 2.86 ns variation between runs is within measurement variance — the signal is real and the sign matches every run (last > first for `!=`, flat for `hash_equals`).

## Impact

**Severity: Low (defense-in-depth).** This is a real CWE-208 instance, but it is not a practical remote vulnerability.

### Why exploitation over the network is infeasible

1. **Signal is tiny.** ~3-14 ns per HMAC compare. Network RTT jitter on a reasonable LAN is 100 µs (100,000 ns). On the internet it is 1-10 ms. The signal-to-noise ratio for a remote observer is ~1e-5 to 1e-7.

2. **One measurement per connection.** On every MAC failure, `SSH2.php:3406/3411` calls `disconnect_helper(MAC_ERROR)` and throws. The connection is torn down. A reconnect goes through a fresh key exchange, producing a new HMAC key. The HMAC over a fresh key is uncorrelated with the prior HMAC. An attacker cannot accumulate prefix-matching information across connections because there is no fixed target.

3. **MAC is over sequence-numbered data.** Each packet's MAC input includes `$this->get_seq_no` (line 3410) or a nonce (line 3404). Even within a single connection, replays are impossible — every MAC is bound to a distinct seq number. There is no stable oracle to probe.

4. **No adaptive probe.** A Bleichenbacher/Lucky13-style attack needs tens of thousands of adaptive queries against a single secret. SSH's hard disconnect eliminates this primitive entirely.

5. **Rough sample-count requirement.** To distinguish a 3 ns signal from 1 ms jitter with high confidence you need roughly `(noise / signal)^2 ≈ (1e6 / 3)^2 ≈ 1e11` independent samples. With one sample per connection (and each connection being against a fresh secret), this is unreachable on any practical scale.

### What remains real

1. **Cryptographic hygiene.** A security library should not use non-constant-time comparison on MACs, period. That is standard practice (RFC 4634, NIST SP 800-131A guidance on cryptographic implementations).
2. **Code correctness / API consistency.** The library already uses `hash_equals()` in 9 other comparable places. The SSH2 MAC path is inconsistent with the rest of the codebase.
3. **Future-proofing.** If PHP or the underlying `memcmp()` implementation changes, or if a future MAC algorithm uses longer digests, the signal grows linearly. A constant-time comparison eliminates the concern permanently.
4. **Static analysis / audit hygiene.** Cryptographic linters (e.g., GitHub CodeQL's `js/timing-attack`, phpcs-security-audit) flag non-constant-time comparisons on secret values. A clean codebase passes those checks.

### CVSS breakdown

`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N` = **3.7 (Low)**

- **AV:N** — network path, attacker on the SSH transport.
- **AC:H** — extremely high complexity; remote exploitation is not demonstrated and is believed infeasible.
- **PR:N/UI:N** — no prior auth or interaction needed to observe the timing (if there were any signal).
- **S:U** — no scope change.
- **C:L / I:N / A:N** — theoretical information exposure of MAC prefix bits only, no integrity or availability impact.

This is the same vector string used for CVE-2026-32935 (the recent AES-CBC padding oracle in the same library), differing only in Confidentiality (L vs H) because padding oracle actually recovers plaintext whereas this MAC timing does not enable any known plaintext recovery.

## Fix

Two-line patch:

```diff
--- a/phpseclib/Net/SSH2.php
+++ b/phpseclib/Net/SSH2.php
@@ -3402,12 +3402,12 @@ class SSH2
                 substr($packet->raw, 0, -$this->hmac_size);
             if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
                 $this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no));
-                if ($hmac != $this->hmac_check->hash($reconstructed)) {
+                if (!hash_equals($this->hmac_check->hash($reconstructed), $hmac)) {
                     $this->disconnect_helper(DisconnectReason::MAC_ERROR);
                     throw new ConnectionClosedException('Invalid UMAC');
                 }
             } else {
-                if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) {
+                if (!hash_equals($this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed)), $hmac)) {
                     $this->disconnect_helper(DisconnectReason::MAC_ERROR);
                     throw new ConnectionClosedException('Invalid HMAC');
                 }
```

The same one-liner should be applied to `phpseclib/Net/SSH2.php` on `3.0` (lines 3741, 3746), `2.0` (line 3796), and `1.0` (line 3810).

`hash_equals()` is a built-in PHP function available since PHP 5.6. phpseclib's minimum PHP version for all supported branches is well above that, so there is no compatibility concern — and indeed, as noted, `hash_equals()` is already used throughout the codebase for exactly this purpose.

### PoC 5: prefix-position byte-recovery test (`poc/05_prefix_position_test.php`)

The critical question: can an attacker recover the MAC byte-by-byte? Tests candidate MACs with 0, 1, 2, ..., 31 correct leading bytes using phpseclib's `Crypt\Hash` class. 500,000 iterations per position.

```
 0 correct prefix bytes: tmean= 65.75 ns  sd= 4.89 ns
 1 correct prefix bytes: tmean= 66.36 ns  sd= 4.77 ns
 2 correct prefix bytes: tmean= 60.06 ns  sd= 5.29 ns
 4 correct prefix bytes: tmean= 58.08 ns  sd= 5.24 ns
 8 correct prefix bytes: tmean= 66.93 ns  sd= 4.60 ns
12 correct prefix bytes: tmean= 64.01 ns  sd= 4.83 ns
16 correct prefix bytes: tmean= 61.81 ns  sd= 5.55 ns
20 correct prefix bytes: tmean= 60.46 ns  sd= 5.40 ns
24 correct prefix bytes: tmean= 60.53 ns  sd= 4.06 ns
28 correct prefix bytes: tmean= 60.54 ns  sd= 3.99 ns
31 correct prefix bytes: tmean= 59.04 ns  sd= 3.96 ns

Range (0 prefix vs 31 prefix): -6.71 ns (NEGATIVE)
```

**No monotonic signal.** The range is negative (wrong direction for an oracle), and the standard deviations (4-5 ns) are larger than any observed position-dependent delta. Byte-by-byte MAC recovery is not feasible even locally on 32-byte HMACs.

This conclusively rules out the "timing oracle for MAC forgery" escalation path.

## Escalation angles investigated and ruled out

9 rounds of external review suggested various escalation paths. Every one is dead:

| Angle | Result | Evidence |
|---|---|---|
| Byte-by-byte MAC recovery | **Dead** | PoC 5: no monotonic signal at 32 bytes (-6.71ns range, wrong sign) |
| Persistent oracle (connection survives MAC failure) | **Dead** | disconnect_helper() + throw is unconditional (3406-3412); reset_connection() clears all state |
| Sequence desync (Terrapin-style) | **Dead** | get_seq_no++ at 3469 is AFTER MAC check; failed MAC throws before increment |
| SSH_MSG_IGNORE MAC bypass | **Dead** | All message types go through get_binary_packet() MAC check before filter() |
| Memory exhaustion via packet_length | **Dead** | packet_length capped at 0x9000 (36KB) at line 3542 |
| State machine abuse / fail-open | **Dead** | reset_connection() nulls socket, clears bitmap, all crypto state |
| Protocol downgrade on MAC failure | **Dead** | Immediate disconnect, no fallback or renegotiation |
| Padding oracle chain (Lucky13) | **Dead** | MAC check (3405) is BEFORE padding interpretation (3418) |
| SFTP subsystem bypass | **Dead** | SFTP uses same SSH2 transport, same MAC verification |
| BigInteger type confusion | **Dead** | Engine selected at construction, not per-packet |
| Pre-auth reachability | Yes, but irrelevant | One guess per connection with fresh keys = no oracle |

## Devil's advocate review

Every objection I could think of, addressed:

**"This is just a code smell. Show me a real exploit."**
Acknowledged. The report does not claim remote exploitability. It is submitted as Low / defense-in-depth, consistent with how similar findings are treated in other cryptographic libraries (see e.g. OpenSSH commits replacing `memcmp()` with `timingsafe_bcmp` for similar reasons).

**"PHP's `!=` might not even short-circuit — you're just seeing noise."**
PoC 2 rules this out. Timing scales monotonically and nearly linearly with mismatch position across a 128x range of string lengths (32 bytes → 4096 bytes). That is not noise.

**"SSH disconnects on MAC failure, so you only get one sample. Case closed."**
Correct, and the report says so explicitly. This is why the severity is Low rather than High.

**"There is no adaptive probe because session keys rotate per connection."**
Correct, and the report says so explicitly. This is the primary reason the network attack is infeasible.

**"Is this Lucky13-style? Does the MAC check happen after padding?"**
No. MAC verification at `SSH2.php:3399-3414` runs BEFORE any padding interpretation. Padding length is only read at line 3418, strictly after the MAC check. There is no unpadding oracle here. (Lucky13 in phpseclib's AES-CBC decrypt path is a separate, already-fixed issue — CVE-2026-32935.)

**"Maybe the `get_seq_no` or nonce path somehow enables forgery."**
No. The seq number is deterministic (incremented by one per packet) and the nonce (for UMAC) is derived from it. Neither is attacker-controlled in any useful sense. The MAC key is the secret, and it is per-connection.

**"Is this already reported?"**
Searched published advisories (`gh api repos/phpseclib/phpseclib/security-advisories`). Only CVE-2026-32935 is published, for a different code path (AES-CBC padding oracle after MAC verification). The SSH2 MAC comparison issue is not covered by any published advisory. The fix commit for CVE-2026-32935 (`ccc21aef71eb170e9bf819b167e67d1fd9e6e788`) did not touch `SSH2.php:3405` or `:3410`.

**"Does the project's threat model even consider this in scope?"**
SECURITY.md says "To report a security vulnerability, please use the Tidelift security contact." It does not exclude timing side-channels. The maintainer has already fixed constant-time comparison issues in other parts of the library (RSA, OAEP, AES-CBC padding) and uses `hash_equals()` in 9 other places. This issue is consistent with the maintainer's existing security posture, and the fix is trivial.

**"Is the Low severity appropriate? Could it be informational?"**
Low is appropriate. "Informational" would be for something that is provably no-impact. This is a demonstrable CWE-208 instance on secret-dependent data. It scores 3.7 under CVSS v3.1 with AC:H and C:L. That is Low, not Informational. The recent CVE-2026-32935 is assigned for a timing-side-channel in the same file category and given CVSS 4.0 = 8.2 (their vector is more severe because padding oracle actually recovers plaintext). This one would score lower than that, which matches the Low designation.

**"Would a maintainer just close this?"**
Unlikely. The fix is a one-liner, there is no behavioral change, it aligns with existing code style in the same codebase, and it silences future audit findings. The maintainer has a track record of accepting similar hardening patches. If they close it, the reason would likely be "we already know, not worth a CVE" — which would still leave the code fixed, which is the goal.

## Suggested reporting path

GitHub PVR is enabled for phpseclib/phpseclib (`{"enabled":true}`). SECURITY.md says to use the Tidelift contact, but GitHub PVR is a reasonable alternative and lets the maintainer decide whether to coordinate with Tidelift. Either path is acceptable.

Given the Low severity, this could also be filed as a public pull request rather than a security advisory. That would be faster for everyone and avoids using the private disclosure channel for a hardening fix.

## Files

- `poc/01_verify_variable_time.php` — baseline 32-byte timing measurement
- `poc/02_scaling_test.php` — decisive scaling test across string lengths
- `poc/03_hash_equals_scaling.php` — `!=` vs `hash_equals()` comparison
- `poc/04_phpseclib_in_context.php` — end-to-end repro using phpseclib's `Crypt\Hash`
- `notes.md` — research notes, dead ends, escalation angles considered
- `prior-work.md` — prior work search results
- `status.json` — machine-readable status

Koda Reef
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40194
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01005
published_at 2026-04-13T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.0101
published_at 2026-04-11T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.01982
published_at 2026-04-21T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.01895
published_at 2026-04-18T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.01897
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40194
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40194
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40194
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/1.0.28
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/releases/tag/1.0.28
5
reference_url https://github.com/phpseclib/phpseclib/releases/tag/2.0.53
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/releases/tag/2.0.53
6
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.51
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.51
7
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:28:24Z/
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40194
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40194
9
reference_url https://github.com/advisories/GHSA-r854-jrxh-36qx
reference_id GHSA-r854-jrxh-36qx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r854-jrxh-36qx
fixed_packages
0
url pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.53-1%3Fdistro=trixie
aliases CVE-2026-40194, GHSA-r854-jrxh-36qx
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnn9-wcwe-ffa5
Fixing_vulnerabilities
0
url VCID-6xjw-f9xu-fkg8
vulnerability_id VCID-6xjw-f9xu-fkg8
summary 
phpseclib a large prime can cause a denial of service
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27354
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42569
published_at 2026-04-08T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.4255
published_at 2026-04-02T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.42578
published_at 2026-04-09T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42517
published_at 2026-04-07T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42512
published_at 2026-04-21T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.4258
published_at 2026-04-18T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42595
published_at 2026-04-16T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42535
published_at 2026-04-13T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42564
published_at 2026-04-12T12:55:00Z
9
value 0.00204
scoring_system epss
scoring_elements 0.426
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27354
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27354
2
reference_url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
3
reference_url https://github.com/advisories/GHSA-hg35-mp25-qf6h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hg35-mp25-qf6h
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27354.yaml
5
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
6
reference_url https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49
7
reference_url https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/2870c8fab3f132d2ed40a66c97a36fe5ab625698
8
reference_url https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
9
reference_url https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/c55b75199ec8d12cec6eadf6da99da4a3712fe56
10
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T15:59:46Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27354
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27354
13
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8h2u-szq5-13ar
1
vulnerability VCID-hnn9-wcwe-ffa5
2
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.30-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u2%3Fdistro=trixie
2
url pkg:deb/debian/php-phpseclib@2.0.47-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.47-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.47-1%3Fdistro=trixie
3
url pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.48-3%3Fdistro=trixie
4
url pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.52-1%3Fdistro=trixie
5
url pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.53-1%3Fdistro=trixie
aliases CVE-2024-27354, GHSA-hg35-mp25-qf6h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xjw-f9xu-fkg8
1
url VCID-8h2u-szq5-13ar
vulnerability_id VCID-8h2u-szq5-13ar
summary 
Name confusion in x509 Subject Alternative Name fields
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40068
published_at 2026-04-02T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40094
published_at 2026-04-04T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.4069
published_at 2026-04-16T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40645
published_at 2026-04-13T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40664
published_at 2026-04-12T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.40699
published_at 2026-04-11T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40672
published_at 2026-04-08T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40622
published_at 2026-04-07T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.40681
published_at 2026-04-09T12:55:00Z
9
value 0.00188
scoring_system epss
scoring_elements 0.40659
published_at 2026-04-18T12:55:00Z
10
value 0.00225
scoring_system epss
scoring_elements 0.45206
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-52892
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52892
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
4
reference_url https://github.com/phpseclib/phpseclib/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/issues/1943
5
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.33
6
reference_url https://github.com/x509-name-testing/name_testing_artifacts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-21T19:54:11Z/
url https://github.com/x509-name-testing/name_testing_artifacts
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-52892
8
reference_url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
reference_id GHSA-ff7q-6vwh-v9m4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff7q-6vwh-v9m4
9
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u2%3Fdistro=trixie
1
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u3%3Fdistro=trixie
2
url pkg:deb/debian/php-phpseclib@2.0.46-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.46-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.46-1%3Fdistro=trixie
3
url pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.48-3%3Fdistro=trixie
4
url pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.52-1%3Fdistro=trixie
5
url pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.53-1%3Fdistro=trixie
aliases CVE-2023-52892, GHSA-ff7q-6vwh-v9m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8h2u-szq5-13ar
2
url VCID-ars3-xpyv-jbf1
vulnerability_id VCID-ars3-xpyv-jbf1
summary 
phpseclib does not properly limit the ASN1 OID length
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27355
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42564
published_at 2026-04-12T12:55:00Z
1
value 0.00204
scoring_system epss
scoring_elements 0.42512
published_at 2026-04-21T12:55:00Z
2
value 0.00204
scoring_system epss
scoring_elements 0.4258
published_at 2026-04-18T12:55:00Z
3
value 0.00204
scoring_system epss
scoring_elements 0.42595
published_at 2026-04-16T12:55:00Z
4
value 0.00204
scoring_system epss
scoring_elements 0.42535
published_at 2026-04-13T12:55:00Z
5
value 0.00204
scoring_system epss
scoring_elements 0.4255
published_at 2026-04-02T12:55:00Z
6
value 0.00204
scoring_system epss
scoring_elements 0.42578
published_at 2026-04-09T12:55:00Z
7
value 0.00204
scoring_system epss
scoring_elements 0.42517
published_at 2026-04-07T12:55:00Z
8
value 0.00204
scoring_system epss
scoring_elements 0.42569
published_at 2026-04-08T12:55:00Z
9
value 0.00204
scoring_system epss
scoring_elements 0.426
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27355
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27355
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27355
2
reference_url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b
3
reference_url https://github.com/advisories/GHSA-jr22-8qgm-4q87
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jr22-8qgm-4q87
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2024-27355.yaml
5
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
6
reference_url https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129
7
reference_url https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
8
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:10:07Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27355
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27355
11
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8h2u-szq5-13ar
1
vulnerability VCID-hnn9-wcwe-ffa5
2
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.30-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u2%3Fdistro=trixie
2
url pkg:deb/debian/php-phpseclib@2.0.47-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.47-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.47-1%3Fdistro=trixie
3
url pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.48-3%3Fdistro=trixie
4
url pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.52-1%3Fdistro=trixie
5
url pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.53-1%3Fdistro=trixie
aliases CVE-2024-27355, GHSA-jr22-8qgm-4q87
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ars3-xpyv-jbf1
3
url VCID-jzn6-bzzf-nugp
vulnerability_id VCID-jzn6-bzzf-nugp
summary 
Improper Validation of Integrity Check Value
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
references
0
reference_url http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48795
reference_id
reference_type
scores
0
value 0.5673
scoring_system epss
scoring_elements 0.98134
published_at 2026-04-16T12:55:00Z
1
value 0.5673
scoring_system epss
scoring_elements 0.98136
published_at 2026-04-18T12:55:00Z
2
value 0.5673
scoring_system epss
scoring_elements 0.98124
published_at 2026-04-09T12:55:00Z
3
value 0.5673
scoring_system epss
scoring_elements 0.98114
published_at 2026-04-02T12:55:00Z
4
value 0.5673
scoring_system epss
scoring_elements 0.98118
published_at 2026-04-04T12:55:00Z
5
value 0.5673
scoring_system epss
scoring_elements 0.98119
published_at 2026-04-07T12:55:00Z
6
value 0.5673
scoring_system epss
scoring_elements 0.98123
published_at 2026-04-08T12:55:00Z
7
value 0.5673
scoring_system epss
scoring_elements 0.98129
published_at 2026-04-13T12:55:00Z
8
value 0.5673
scoring_system epss
scoring_elements 0.98128
published_at 2026-04-12T12:55:00Z
9
value 0.61084
scoring_system epss
scoring_elements 0.98316
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48795
3
reference_url https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack
4
reference_url https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
5
reference_url https://bugs.gentoo.org/920280
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://bugs.gentoo.org/920280
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254210
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2254210
7
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1217950
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://bugzilla.suse.com/show_bug.cgi?id=1217950
8
reference_url https://crates.io/crates/thrussh/versions
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://crates.io/crates/thrussh/versions
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918
13
reference_url http://seclists.org/fulldisclosure/2024/Mar/21
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://seclists.org/fulldisclosure/2024/Mar/21
14
reference_url https://filezilla-project.org/versions.php
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://filezilla-project.org/versions.php
15
reference_url https://forum.netgate.com/topic/184941/terrapin-ssh-attack
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://forum.netgate.com/topic/184941/terrapin-ssh-attack
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/apache/mina-sshd/issues/445
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/apache/mina-sshd/issues/445
18
reference_url https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
19
reference_url https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
20
reference_url https://github.com/cyd01/KiTTY/issues/520
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/cyd01/KiTTY/issues/520
21
reference_url https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
22
reference_url https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
23
reference_url https://github.com/erlang/otp/releases/tag/OTP-26.2.1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/erlang/otp/releases/tag/OTP-26.2.1
24
reference_url https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
25
reference_url https://github.com/hierynomus/sshj/issues/916
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/hierynomus/sshj/issues/916
26
reference_url https://github.com/janmojzis/tinyssh/issues/81
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/janmojzis/tinyssh/issues/81
27
reference_url https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
28
reference_url https://github.com/libssh2/libssh2/pull/1291
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/libssh2/libssh2/pull/1291
29
reference_url https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
30
reference_url https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
31
reference_url https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
32
reference_url https://github.com/mwiede/jsch/issues/457
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mwiede/jsch/issues/457
33
reference_url https://github.com/mwiede/jsch/pull/461
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/mwiede/jsch/pull/461
34
reference_url https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
35
reference_url https://github.com/NixOS/nixpkgs/pull/275249
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/NixOS/nixpkgs/pull/275249
36
reference_url https://github.com/openssh/openssh-portable/commits/master
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/openssh/openssh-portable/commits/master
37
reference_url https://github.com/paramiko/paramiko/issues/2337
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/paramiko/paramiko/issues/2337
38
reference_url https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773
39
reference_url https://github.com/PowerShell/Win32-OpenSSH/issues/2189
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/PowerShell/Win32-OpenSSH/issues/2189
40
reference_url https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
41
reference_url https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
42
reference_url https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
43
reference_url https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
44
reference_url https://github.com/proftpd/proftpd/issues/456
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/proftpd/proftpd/issues/456
45
reference_url https://github.com/rapier1/hpn-ssh/releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/rapier1/hpn-ssh/releases
46
reference_url https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
47
reference_url https://github.com/ronf/asyncssh/tags
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/ronf/asyncssh/tags
48
reference_url https://github.com/ssh-mitm/ssh-mitm/issues/165
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/ssh-mitm/ssh-mitm/issues/165
49
reference_url https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
50
reference_url https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
51
reference_url https://github.com/warp-tech/russh
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/warp-tech/russh
52
reference_url https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
53
reference_url https://github.com/warp-tech/russh/releases/tag/v0.40.2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/warp-tech/russh/releases/tag/v0.40.2
54
reference_url https://gitlab.com/libssh/libssh-mirror/-/tags
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://gitlab.com/libssh/libssh-mirror/-/tags
55
reference_url https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
56
reference_url https://go.dev/cl/550715
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/550715
57
reference_url https://go.dev/issue/64784
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/64784
58
reference_url https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
59
reference_url https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
60
reference_url https://help.panic.com/releasenotes/transmit5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://help.panic.com/releasenotes/transmit5
61
reference_url https://help.panic.com/releasenotes/transmit5/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://help.panic.com/releasenotes/transmit5/
62
reference_url https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795
63
reference_url https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
64
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
65
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
66
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
67
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
68
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html
69
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html
70
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html
71
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
72
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS
73
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
74
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
75
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
76
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
77
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
78
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
79
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
80
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
81
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
82
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y
83
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
84
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
85
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
86
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
87
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD
88
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
89
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
90
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
91
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
92
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
93
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7
94
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
95
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
96
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
97
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O
98
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
99
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3
100
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
101
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
102
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
103
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
104
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
105
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB
106
reference_url https://matt.ucc.asn.au/dropbear/CHANGES
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://matt.ucc.asn.au/dropbear/CHANGES
107
reference_url https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
108
reference_url https://news.ycombinator.com/item?id=38684904
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://news.ycombinator.com/item?id=38684904
109
reference_url https://news.ycombinator.com/item?id=38685286
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://news.ycombinator.com/item?id=38685286
110
reference_url https://news.ycombinator.com/item?id=38732005
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://news.ycombinator.com/item?id=38732005
111
reference_url https://nova.app/releases/#v11.8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://nova.app/releases/#v11.8
112
reference_url https://oryx-embedded.com/download/#changelog
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://oryx-embedded.com/download/#changelog
113
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
114
reference_url https://roumenpetrov.info/secsh/#news20231220
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://roumenpetrov.info/secsh/#news20231220
115
reference_url https://security.gentoo.org/glsa/202312-16
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security.gentoo.org/glsa/202312-16
116
reference_url https://security.gentoo.org/glsa/202312-17
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security.gentoo.org/glsa/202312-17
117
reference_url https://security.netapp.com/advisory/ntap-20240105-0004
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240105-0004
118
reference_url https://security-tracker.debian.org/tracker/source-package/libssh2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security-tracker.debian.org/tracker/source-package/libssh2
119
reference_url https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
120
reference_url https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
121
reference_url https://support.apple.com/kb/HT214084
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://support.apple.com/kb/HT214084
122
reference_url https://twitter.com/TrueSkrillor/status/1736774389725565005
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://twitter.com/TrueSkrillor/status/1736774389725565005
123
reference_url https://winscp.net/eng/docs/history#6.2.2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://winscp.net/eng/docs/history#6.2.2
124
reference_url https://www.bitvise.com/ssh-client-version-history#933
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.bitvise.com/ssh-client-version-history#933
125
reference_url https://www.bitvise.com/ssh-server-version-history
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.bitvise.com/ssh-server-version-history
126
reference_url https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
127
reference_url https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
128
reference_url https://www.debian.org/security/2023/dsa-5586
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.debian.org/security/2023/dsa-5586
129
reference_url https://www.debian.org/security/2023/dsa-5588
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.debian.org/security/2023/dsa-5588
130
reference_url https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
131
reference_url https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
132
reference_url https://www.netsarang.com/en/xshell-update-history
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.netsarang.com/en/xshell-update-history
133
reference_url https://www.netsarang.com/en/xshell-update-history/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.netsarang.com/en/xshell-update-history/
134
reference_url https://www.openssh.com/openbsd.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.openssh.com/openbsd.html
135
reference_url https://www.openssh.com/txt/release-9.6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.openssh.com/txt/release-9.6
136
reference_url https://www.openwall.com/lists/oss-security/2023/12/18/2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.openwall.com/lists/oss-security/2023/12/18/2
137
reference_url https://www.openwall.com/lists/oss-security/2023/12/20/3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.openwall.com/lists/oss-security/2023/12/20/3
138
reference_url https://www.paramiko.org/changelog.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.paramiko.org/changelog.html
139
reference_url https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed
140
reference_url https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
141
reference_url https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795
142
reference_url https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
143
reference_url https://www.terrapin-attack.com
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.terrapin-attack.com
144
reference_url https://www.theregister.com/2023/12/20/terrapin_attack_ssh
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.theregister.com/2023/12/20/terrapin_attack_ssh
145
reference_url https://www.vandyke.com/products/securecrt/history.txt
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://www.vandyke.com/products/securecrt/history.txt
146
reference_url http://www.openwall.com/lists/oss-security/2023/12/18/3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2023/12/18/3
147
reference_url http://www.openwall.com/lists/oss-security/2023/12/19/5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2023/12/19/5
148
reference_url http://www.openwall.com/lists/oss-security/2023/12/20/3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2023/12/20/3
149
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
150
reference_url http://www.openwall.com/lists/oss-security/2024/04/17/8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url http://www.openwall.com/lists/oss-security/2024/04/17/8
151
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001
reference_id 1059001
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001
152
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002
reference_id 1059002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002
153
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003
reference_id 1059003
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003
154
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004
reference_id 1059004
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004
155
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005
reference_id 1059005
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005
156
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006
reference_id 1059006
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006
157
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007
reference_id 1059007
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007
158
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058
reference_id 1059058
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058
159
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144
reference_id 1059144
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144
160
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290
reference_id 1059290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290
161
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294
reference_id 1059294
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294
162
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
reference_id 33XHJUB6ROFUOH2OQNENFROTVH6MHSHA
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
163
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
reference_id 3CAYYW35MUTNO65RVAELICTNZZFMT2XS
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
164
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
reference_id 3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
165
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
reference_id 6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
166
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
reference_id BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
167
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
reference_id C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
168
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
reference_id CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
169
reference_url https://access.redhat.com/security/cve/cve-2023-48795
reference_id CVE-2023-48795
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://access.redhat.com/security/cve/cve-2023-48795
170
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48795
reference_id CVE-2023-48795
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48795
171
reference_url https://security-tracker.debian.org/tracker/CVE-2023-48795
reference_id CVE-2023-48795
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security-tracker.debian.org/tracker/CVE-2023-48795
172
reference_url https://ubuntu.com/security/CVE-2023-48795
reference_id CVE-2023-48795
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://ubuntu.com/security/CVE-2023-48795
173
reference_url https://thorntech.com/cve-2023-48795-and-sftp-gateway
reference_id CVE-2023-48795-AND-SFTP-GATEWAY
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://thorntech.com/cve-2023-48795-and-sftp-gateway
174
reference_url https://thorntech.com/cve-2023-48795-and-sftp-gateway/
reference_id CVE-2023-48795-AND-SFTP-GATEWAY
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://thorntech.com/cve-2023-48795-and-sftp-gateway/
175
reference_url https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit
reference_id CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit
176
reference_url https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability
reference_id CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability
177
reference_url https://github.com/advisories/GHSA-45x7-px36-x8w8
reference_id GHSA-45x7-px36-x8w8
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://github.com/advisories/GHSA-45x7-px36-x8w8
178
reference_url https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
reference_id GHSA-45x7-px36-x8w8
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8
179
reference_url https://security.gentoo.org/glsa/202407-11
reference_id GLSA-202407-11
reference_type
scores
url https://security.gentoo.org/glsa/202407-11
180
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
181
reference_url https://security.gentoo.org/glsa/202509-06
reference_id GLSA-202509-06
reference_type
scores
url https://security.gentoo.org/glsa/202509-06
182
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
reference_id HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
183
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
reference_id I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
184
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
reference_id KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
185
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
reference_id L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
186
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
reference_id LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
187
reference_url https://security.netapp.com/advisory/ntap-20240105-0004/
reference_id ntap-20240105-0004
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/
url https://security.netapp.com/advisory/ntap-20240105-0004/
188
reference_url https://access.redhat.com/errata/RHSA-2023:7197
reference_id RHSA-2023:7197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7197
189
reference_url https://access.redhat.com/errata/RHSA-2023:7198
reference_id RHSA-2023:7198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7198
190
reference_url https://access.redhat.com/errata/RHSA-2023:7201
reference_id RHSA-2023:7201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7201
191
reference_url https://access.redhat.com/errata/RHSA-2024:0040
reference_id RHSA-2024:0040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0040
192
reference_url https://access.redhat.com/errata/RHSA-2024:0429
reference_id RHSA-2024:0429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0429
193
reference_url https://access.redhat.com/errata/RHSA-2024:0455
reference_id RHSA-2024:0455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0455
194
reference_url https://access.redhat.com/errata/RHSA-2024:0499
reference_id RHSA-2024:0499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0499
195
reference_url https://access.redhat.com/errata/RHSA-2024:0538
reference_id RHSA-2024:0538
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0538
196
reference_url https://access.redhat.com/errata/RHSA-2024:0594
reference_id RHSA-2024:0594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0594
197
reference_url https://access.redhat.com/errata/RHSA-2024:0606
reference_id RHSA-2024:0606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0606
198
reference_url https://access.redhat.com/errata/RHSA-2024:0625
reference_id RHSA-2024:0625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0625
199
reference_url https://access.redhat.com/errata/RHSA-2024:0628
reference_id RHSA-2024:0628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0628
200
reference_url https://access.redhat.com/errata/RHSA-2024:0766
reference_id RHSA-2024:0766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0766
201
reference_url https://access.redhat.com/errata/RHSA-2024:0789
reference_id RHSA-2024:0789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0789
202
reference_url https://access.redhat.com/errata/RHSA-2024:0843
reference_id RHSA-2024:0843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0843
203
reference_url https://access.redhat.com/errata/RHSA-2024:0880
reference_id RHSA-2024:0880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0880
204
reference_url https://access.redhat.com/errata/RHSA-2024:0954
reference_id RHSA-2024:0954
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0954
205
reference_url https://access.redhat.com/errata/RHSA-2024:1130
reference_id RHSA-2024:1130
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1130
206
reference_url https://access.redhat.com/errata/RHSA-2024:1150
reference_id RHSA-2024:1150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1150
207
reference_url https://access.redhat.com/errata/RHSA-2024:1192
reference_id RHSA-2024:1192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1192
208
reference_url https://access.redhat.com/errata/RHSA-2024:1193
reference_id RHSA-2024:1193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1193
209
reference_url https://access.redhat.com/errata/RHSA-2024:1196
reference_id RHSA-2024:1196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1196
210
reference_url https://access.redhat.com/errata/RHSA-2024:1197
reference_id RHSA-2024:1197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1197
211
reference_url https://access.redhat.com/errata/RHSA-2024:1210
reference_id RHSA-2024:1210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1210
212
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
213
reference_url https://access.redhat.com/errata/RHSA-2024:1557
reference_id RHSA-2024:1557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1557
214
reference_url https://access.redhat.com/errata/RHSA-2024:1859
reference_id RHSA-2024:1859
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1859
215
reference_url https://access.redhat.com/errata/RHSA-2024:2728
reference_id RHSA-2024:2728
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2728
216
reference_url https://access.redhat.com/errata/RHSA-2024:2735
reference_id RHSA-2024:2735
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2735
217
reference_url https://access.redhat.com/errata/RHSA-2024:2768
reference_id RHSA-2024:2768
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2768
218
reference_url https://access.redhat.com/errata/RHSA-2024:2988
reference_id RHSA-2024:2988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2988
219
reference_url https://access.redhat.com/errata/RHSA-2024:3479
reference_id RHSA-2024:3479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3479
220
reference_url https://access.redhat.com/errata/RHSA-2024:3634
reference_id RHSA-2024:3634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3634
221
reference_url https://access.redhat.com/errata/RHSA-2024:3635
reference_id RHSA-2024:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3635
222
reference_url https://access.redhat.com/errata/RHSA-2024:3636
reference_id RHSA-2024:3636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3636
223
reference_url https://access.redhat.com/errata/RHSA-2024:3918
reference_id RHSA-2024:3918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3918
224
reference_url https://access.redhat.com/errata/RHSA-2024:4010
reference_id RHSA-2024:4010
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4010
225
reference_url https://access.redhat.com/errata/RHSA-2024:4151
reference_id RHSA-2024:4151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4151
226
reference_url https://access.redhat.com/errata/RHSA-2024:4329
reference_id RHSA-2024:4329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4329
227
reference_url https://access.redhat.com/errata/RHSA-2024:4479
reference_id RHSA-2024:4479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4479
228
reference_url https://access.redhat.com/errata/RHSA-2024:4484
reference_id RHSA-2024:4484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4484
229
reference_url https://access.redhat.com/errata/RHSA-2024:4597
reference_id RHSA-2024:4597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4597
230
reference_url https://access.redhat.com/errata/RHSA-2024:4662
reference_id RHSA-2024:4662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4662
231
reference_url https://access.redhat.com/errata/RHSA-2024:4955
reference_id RHSA-2024:4955
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4955
232
reference_url https://access.redhat.com/errata/RHSA-2024:4959
reference_id RHSA-2024:4959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4959
233
reference_url https://access.redhat.com/errata/RHSA-2024:5200
reference_id RHSA-2024:5200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5200
234
reference_url https://access.redhat.com/errata/RHSA-2024:5432
reference_id RHSA-2024:5432
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5432
235
reference_url https://access.redhat.com/errata/RHSA-2024:5433
reference_id RHSA-2024:5433
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5433
236
reference_url https://access.redhat.com/errata/RHSA-2024:5438
reference_id RHSA-2024:5438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5438
237
reference_url https://access.redhat.com/errata/RHSA-2024:8235
reference_id RHSA-2024:8235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8235
238
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
239
reference_url https://usn.ubuntu.com/6560-1/
reference_id USN-6560-1
reference_type
scores
url https://usn.ubuntu.com/6560-1/
240
reference_url https://usn.ubuntu.com/6560-2/
reference_id USN-6560-2
reference_type
scores
url https://usn.ubuntu.com/6560-2/
241
reference_url https://usn.ubuntu.com/6561-1/
reference_id USN-6561-1
reference_type
scores
url https://usn.ubuntu.com/6561-1/
242
reference_url https://usn.ubuntu.com/6585-1/
reference_id USN-6585-1
reference_type
scores
url https://usn.ubuntu.com/6585-1/
243
reference_url https://usn.ubuntu.com/6589-1/
reference_id USN-6589-1
reference_type
scores
url https://usn.ubuntu.com/6589-1/
244
reference_url https://usn.ubuntu.com/6598-1/
reference_id USN-6598-1
reference_type
scores
url https://usn.ubuntu.com/6598-1/
245
reference_url https://usn.ubuntu.com/6738-1/
reference_id USN-6738-1
reference_type
scores
url https://usn.ubuntu.com/6738-1/
246
reference_url https://usn.ubuntu.com/7051-1/
reference_id USN-7051-1
reference_type
scores
url https://usn.ubuntu.com/7051-1/
247
reference_url https://usn.ubuntu.com/7292-1/
reference_id USN-7292-1
reference_type
scores
url https://usn.ubuntu.com/7292-1/
248
reference_url https://usn.ubuntu.com/7297-1/
reference_id USN-7297-1
reference_type
scores
url https://usn.ubuntu.com/7297-1/
fixed_packages
0
url pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.30-2%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8h2u-szq5-13ar
1
vulnerability VCID-hnn9-wcwe-ffa5
2
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.30-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u2%3Fdistro=trixie
4
url pkg:deb/debian/php-phpseclib@2.0.46-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.46-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.46-1%3Fdistro=trixie
5
url pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.48-3%3Fdistro=trixie
6
url pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.52-1%3Fdistro=trixie
7
url pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.53-1%3Fdistro=trixie
aliases CVE-2023-48795, GHSA-45x7-px36-x8w8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzn6-bzzf-nugp
4
url VCID-ku5e-5j7s-qyc9
vulnerability_id VCID-ku5e-5j7s-qyc9
summary 
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
### Impact
Those using AES in CBC mode may be susceptible to a padding oracle timing attack.

### Patches
https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788

### Workarounds
Use AES in CTR, CFB or OFB modes
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02587
published_at 2026-04-16T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02604
published_at 2026-04-13T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02595
published_at 2026-04-18T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02838
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.0284
published_at 2026-04-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02816
published_at 2026-04-02T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.0283
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02811
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02861
published_at 2026-04-09T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05315
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32935
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32935
2
reference_url https://github.com/phpseclib/phpseclib
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib
3
reference_url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
4
reference_url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:31:59Z/
url https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32935
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
reference_id 1131482
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131482
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
reference_id 1131483
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131483
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
reference_id 1131484
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131484
9
reference_url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
reference_id GHSA-94g3-g5v7-q4jg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-94g3-g5v7-q4jg
fixed_packages
0
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u2%3Fdistro=trixie
1
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u3%3Fdistro=trixie
2
url pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.48-3%3Fdistro=trixie
3
url pkg:deb/debian/php-phpseclib@2.0.48-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.48-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.48-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.52-1%3Fdistro=trixie
5
url pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.53-1%3Fdistro=trixie
aliases CVE-2026-32935, GHSA-94g3-g5v7-q4jg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku5e-5j7s-qyc9
5
url VCID-ndjx-6ned-93bd
vulnerability_id VCID-ndjx-6ned-93bd
summary 
Improper Certificate Validation in phpseclib
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30130
reference_id
reference_type
scores
0
value 0.00595
scoring_system epss
scoring_elements 0.69353
published_at 2026-04-16T12:55:00Z
1
value 0.00595
scoring_system epss
scoring_elements 0.69343
published_at 2026-04-21T12:55:00Z
2
value 0.00595
scoring_system epss
scoring_elements 0.69363
published_at 2026-04-18T12:55:00Z
3
value 0.00595
scoring_system epss
scoring_elements 0.69257
published_at 2026-04-01T12:55:00Z
4
value 0.00595
scoring_system epss
scoring_elements 0.6927
published_at 2026-04-02T12:55:00Z
5
value 0.00595
scoring_system epss
scoring_elements 0.69288
published_at 2026-04-04T12:55:00Z
6
value 0.00595
scoring_system epss
scoring_elements 0.69269
published_at 2026-04-07T12:55:00Z
7
value 0.00595
scoring_system epss
scoring_elements 0.69318
published_at 2026-04-08T12:55:00Z
8
value 0.00595
scoring_system epss
scoring_elements 0.69336
published_at 2026-04-09T12:55:00Z
9
value 0.00595
scoring_system epss
scoring_elements 0.69358
published_at 2026-04-11T12:55:00Z
10
value 0.00595
scoring_system epss
scoring_elements 0.69342
published_at 2026-04-12T12:55:00Z
11
value 0.00595
scoring_system epss
scoring_elements 0.69314
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30130
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2021-30130.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2021-30130.yaml
3
reference_url https://github.com/phpseclib/phpseclib/pull/1635
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/pull/1635
4
reference_url https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/releases/tag/2.0.31
5
reference_url https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpseclib/phpseclib/releases/tag/3.0.7
6
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
7
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30130
9
reference_url https://github.com/advisories/GHSA-vf4w-fg7r-5v94
reference_id GHSA-vf4w-fg7r-5v94
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf4w-fg7r-5v94
10
reference_url https://usn.ubuntu.com/7404-1/
reference_id USN-7404-1
reference_type
scores
url https://usn.ubuntu.com/7404-1/
fixed_packages
0
url pkg:deb/debian/php-phpseclib@2.0.30-2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.30-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.30-2%3Fdistro=trixie
1
url pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.30-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8h2u-szq5-13ar
1
vulnerability VCID-hnn9-wcwe-ffa5
2
vulnerability VCID-ku5e-5j7s-qyc9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.30-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.42-1%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.48-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.48-3%3Fdistro=trixie
4
url pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.52-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hnn9-wcwe-ffa5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.52-1%3Fdistro=trixie
5
url pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.53-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.53-1%3Fdistro=trixie
aliases CVE-2021-30130, GHSA-vf4w-fg7r-5v94
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndjx-6ned-93bd
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/php-phpseclib@2.0.52-1%3Fdistro=trixie