Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/93543?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "erlang", "version": "1:23.2.6+dfsg-1+deb11u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:23.2.6+dfsg-1+deb11u2", "latest_non_vulnerable_version": "1:27.3.4.12+dfsg-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59297?format=api", "vulnerability_id": "VCID-2uh8-nhph-gfb6", "summary": "erlang: Erlang OTP public_key: Certificate chain forgery via improper trust chain validation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42789.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42789.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482093", "reference_id": "2482093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482093" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42789" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uh8-nhph-gfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66632?format=api", "vulnerability_id": "VCID-883b-48uw-6yag", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in file handles instead of the chroot-resolved path. When SSH_FXP_FSETSTAT is issued on such a handle, file attributes (permissions, ownership, timestamps) are modified on the real filesystem path, bypassing the root directory boundary entirely. Any authenticated SFTP user on a server configured with the root option can modify file attributes of files outside the intended chroot boundary. The prerequisite is that a target file must exist on the real filesystem at the same relative path. Note that this vulnerability only allows modification of file attributes; file contents cannot be read or altered through this attack vector. If the SSH daemon runs as root, this enables direct privilege escalation: an attacker can set the setuid bit on any binary, change ownership of sensitive files, or make system configuration world-writable. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:do_open/4 and ssh_sftpd:handle_op/4. This issue affects OTP from OTP 17.0 until OTP 28.4.3, 27.3.4.11, and 26.2.5.20 corresponding to ssh from 3.01 until 5.5.3, 5.2.11.7, and 5.1.4.15.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93574?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32147" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-883b-48uw-6yag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66612?format=api", "vulnerability_id": "VCID-b3hg-mjga-nbg1", "summary": "inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1000107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60987", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1000107" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086", "reference_id": "1115086", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824460", "reference_id": "1824460", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93551?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93550?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1000107" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3hg-mjga-nbg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63450?format=api", "vulnerability_id": "VCID-dazh-ypb5-akfp", "summary": "erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455868", "reference_id": "2455868", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455868" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93573?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-28810" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dazh-ypb5-akfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66623?format=api", "vulnerability_id": "VCID-dccw-cx8r-r7a1", "summary": "Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104963", "reference_id": "1104963", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104963" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93566?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93567?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-46712" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dccw-cx8r-r7a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63447?format=api", "vulnerability_id": "VCID-ryy7-f45d-yyhv", "summary": "erlang/otp: inets: Erlang OTP inets modules: Unauthenticated access to protected CGI scripts via incorrect authorization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455909", "reference_id": "2455909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455909" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93573?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-28808" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryy7-f45d-yyhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66633?format=api", "vulnerability_id": "VCID-wsby-unw4-zqe7", "summary": "Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com) First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42790" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wsby-unw4-zqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66626?format=api", "vulnerability_id": "VCID-yyfx-f783-fqgk", "summary": "Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091", "reference_id": "1115091", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394521", "reference_id": "2394521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394521" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93551?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93550?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48040" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyfx-f783-fqgk" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61375?format=api", "vulnerability_id": "VCID-14yd-vsj7-e3bv", "summary": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3566.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3566.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93538", "scoring_system": "epss", "scoring_elements": "0.99838", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789", "reference_id": "1152789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765539", "reference_id": "765539", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765702", "reference_id": "765702", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765702" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768164", "reference_id": "768164", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768164" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769904", "reference_id": "769904", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769904" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771359", "reference_id": "771359", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771359" }, { "reference_url": "https://security.gentoo.org/glsa/201411-10", "reference_id": "GLSA-201411-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201411-10" }, { "reference_url": "https://security.gentoo.org/glsa/201507-14", "reference_id": "GLSA-201507-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201507-14" }, { "reference_url": "https://security.gentoo.org/glsa/201606-11", "reference_id": "GLSA-201606-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1876", "reference_id": "RHSA-2014:1876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1877", "reference_id": "RHSA-2014:1877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1880", "reference_id": "RHSA-2014:1880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1881", "reference_id": "RHSA-2014:1881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1882", "reference_id": "RHSA-2014:1882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1920", "reference_id": "RHSA-2014:1920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0010", "reference_id": "RHSA-2015:0010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0011", "reference_id": "RHSA-2015:0011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0012", "reference_id": "RHSA-2015:0012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0067", "reference_id": "RHSA-2015:0067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0068", "reference_id": "RHSA-2015:0068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0069", "reference_id": "RHSA-2015:0069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0079", "reference_id": "RHSA-2015:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0080", "reference_id": "RHSA-2015:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0085", "reference_id": "RHSA-2015:0085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0085" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0086", "reference_id": "RHSA-2015:0086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0264", "reference_id": "RHSA-2015:0264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1545", "reference_id": "RHSA-2015:1545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1546", "reference_id": "RHSA-2015:1546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1546" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93548?format=api", "purl": "pkg:deb/debian/erlang@1:17.3-dfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:17.3-dfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3566" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14yd-vsj7-e3bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66621?format=api", "vulnerability_id": "VCID-1cn7-ggkr-hqaq", "summary": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in KEX init message. Big KEX init packet may lead to inefficient processing of the error data. As a result, large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30211.json" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101713", "reference_id": "1101713", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101713" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355785", "reference_id": "2355785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93560?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93559?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93564?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-30211" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1cn7-ggkr-hqaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6797?format=api", "vulnerability_id": "VCID-1hcf-thw4-z3d2", "summary": "arbitrary file overwrite", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107939", "reference_id": "1107939", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107939" }, { "reference_url": "https://security.archlinux.org/AVG-2900", "reference_id": "AVG-2900", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2900" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93568?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93566?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93569?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4748" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hcf-thw4-z3d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66625?format=api", "vulnerability_id": "VCID-1jj9-3wt9-8yc6", "summary": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092", "reference_id": "1115092", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394523", "reference_id": "2394523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394523" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93568?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93551?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93550?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48039" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jj9-3wt9-8yc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66631?format=api", "vulnerability_id": "VCID-2wmc-yahz-pbcj", "summary": "Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected: * zlib: Activates immediately after key exchange, enabling unauthenticated attacks * zlib@openssh.com: Activates post-authentication, enabling authenticated attacks Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments. This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4. This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912", "reference_id": "1130912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93570?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93572?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-23943" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wmc-yahz-pbcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46693?format=api", "vulnerability_id": "VCID-38u7-pvx6-ayb4", "summary": "Improper Validation of Integrity Check Value\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json" }, { "reference_url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack" }, { "reference_url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "reference_url": "https://bugs.gentoo.org/920280", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.gentoo.org/920280" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html" }, { "reference_url": "https://crates.io/crates/thrussh/versions", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://crates.io/crates/thrussh/versions" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Mar/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "reference_url": "https://filezilla-project.org/versions.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://filezilla-project.org/versions.php" }, { "reference_url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "reference_url": "https://github.com/apache/mina-sshd/issues/445", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/mina-sshd/issues/445" }, { "reference_url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "reference_url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "reference_url": "https://github.com/cyd01/KiTTY/issues/520", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "reference_url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "reference_url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "reference_url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "reference_url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "reference_url": "https://github.com/hierynomus/sshj/issues/916", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hierynomus/sshj/issues/916" }, { "reference_url": "https://github.com/janmojzis/tinyssh/issues/81", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "reference_url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "reference_url": "https://github.com/libssh2/libssh2/pull/1291", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "reference_url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "reference_url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "reference_url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "reference_url": "https://github.com/mwiede/jsch/issues/457", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mwiede/jsch/issues/457" }, { "reference_url": "https://github.com/mwiede/jsch/pull/461", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mwiede/jsch/pull/461" }, { "reference_url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "reference_url": "https://github.com/NixOS/nixpkgs/pull/275249", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "reference_url": "https://github.com/openssh/openssh-portable/commits/master", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/2337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773" }, { "reference_url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "reference_url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/issues/456", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/proftpd/proftpd/issues/456" }, { "reference_url": "https://github.com/rapier1/hpn-ssh/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "reference_url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "reference_url": "https://github.com/ronf/asyncssh/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ronf/asyncssh/tags" }, { "reference_url": "https://github.com/ssh-mitm/ssh-mitm/issues/165", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "reference_url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "reference_url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "reference_url": "https://github.com/warp-tech/russh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh" }, { "reference_url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951" }, { "reference_url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "reference_url": "https://gitlab.com/libssh/libssh-mirror/-/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "reference_url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "reference_url": "https://go.dev/cl/550715", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/cl/550715" }, { "reference_url": "https://go.dev/issue/64784", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/issue/64784" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "reference_url": "https://help.panic.com/releasenotes/transmit5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://help.panic.com/releasenotes/transmit5" }, { "reference_url": "https://help.panic.com/releasenotes/transmit5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://help.panic.com/releasenotes/transmit5/" }, { "reference_url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795" }, { "reference_url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, { "reference_url": "https://matt.ucc.asn.au/dropbear/CHANGES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "reference_url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "reference_url": "https://news.ycombinator.com/item?id=38684904", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://news.ycombinator.com/item?id=38684904" }, { "reference_url": "https://news.ycombinator.com/item?id=38685286", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://news.ycombinator.com/item?id=38685286" }, { "reference_url": "https://news.ycombinator.com/item?id=38732005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://news.ycombinator.com/item?id=38732005" }, { "reference_url": "https://nova.app/releases/#v11.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nova.app/releases/#v11.8" }, { "reference_url": "https://oryx-embedded.com/download/#changelog", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oryx-embedded.com/download/#changelog" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "reference_url": "https://roumenpetrov.info/secsh/#news20231220", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "reference_url": "https://security.gentoo.org/glsa/202312-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202312-16" }, { "reference_url": "https://security.gentoo.org/glsa/202312-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/libssh2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "reference_url": "https://support.apple.com/kb/HT214084", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT214084" }, { "reference_url": "https://twitter.com/TrueSkrillor/status/1736774389725565005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "reference_url": "https://winscp.net/eng/docs/history#6.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "reference_url": "https://www.bitvise.com/ssh-client-version-history#933", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "reference_url": "https://www.bitvise.com/ssh-server-version-history", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bitvise.com/ssh-server-version-history" }, { "reference_url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "reference_url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5586", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5588", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5588" }, { "reference_url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "reference_url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "reference_url": "https://www.netsarang.com/en/xshell-update-history", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.netsarang.com/en/xshell-update-history" }, { "reference_url": "https://www.netsarang.com/en/xshell-update-history/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.netsarang.com/en/xshell-update-history/" }, { "reference_url": "https://www.openssh.com/openbsd.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openssh.com/openbsd.html" }, { "reference_url": "https://www.openssh.com/txt/release-9.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openssh.com/txt/release-9.6" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "reference_url": "https://www.paramiko.org/changelog.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.paramiko.org/changelog.html" }, { "reference_url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed" }, { "reference_url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "reference_url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795" }, { "reference_url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "reference_url": "https://www.terrapin-attack.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.terrapin-attack.com" }, { "reference_url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "reference_url": "https://www.vandyke.com/products/securecrt/history.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/18/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/19/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/17/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001", "reference_id": "1059001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002", "reference_id": "1059002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003", "reference_id": "1059003", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004", "reference_id": "1059004", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005", "reference_id": "1059005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006", "reference_id": "1059006", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007", "reference_id": "1059007", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058", "reference_id": "1059058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144", "reference_id": "1059144", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290", "reference_id": "1059290", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294", "reference_id": "1059294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "reference_url": "https://ubuntu.com/security/CVE-2023-48795", "reference_id": "CVE-2023-48795", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "reference_url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway", "reference_id": "CVE-2023-48795-AND-SFTP-GATEWAY", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway" }, { "reference_url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "reference_id": "CVE-2023-48795-AND-SFTP-GATEWAY", "reference_type": "", "scores": [], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "reference_id": "CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability", "reference_id": "CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" }, { "reference_url": "https://github.com/advisories/GHSA-45x7-px36-x8w8", "reference_id": "GHSA-45x7-px36-x8w8", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "reference_url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", "reference_id": "GHSA-45x7-px36-x8w8", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8" }, { "reference_url": "https://security.gentoo.org/glsa/202407-11", "reference_id": "GLSA-202407-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7197", "reference_id": "RHSA-2023:7197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7198", "reference_id": "RHSA-2023:7198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7201", "reference_id": "RHSA-2023:7201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0040", "reference_id": "RHSA-2024:0040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0429", "reference_id": "RHSA-2024:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0455", "reference_id": "RHSA-2024:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0499", "reference_id": "RHSA-2024:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0538", "reference_id": "RHSA-2024:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0594", "reference_id": "RHSA-2024:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0606", "reference_id": "RHSA-2024:0606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0625", "reference_id": "RHSA-2024:0625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0628", "reference_id": "RHSA-2024:0628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0766", "reference_id": "RHSA-2024:0766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0789", "reference_id": "RHSA-2024:0789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0843", "reference_id": "RHSA-2024:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0880", "reference_id": "RHSA-2024:0880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0954", "reference_id": "RHSA-2024:0954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1130", "reference_id": "RHSA-2024:1130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1150", "reference_id": "RHSA-2024:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1192", "reference_id": "RHSA-2024:1192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1193", "reference_id": "RHSA-2024:1193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1196", "reference_id": "RHSA-2024:1196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1197", "reference_id": "RHSA-2024:1197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1210", "reference_id": "RHSA-2024:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1557", "reference_id": "RHSA-2024:1557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1859", "reference_id": "RHSA-2024:1859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2728", "reference_id": "RHSA-2024:2728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2735", "reference_id": "RHSA-2024:2735", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2768", "reference_id": "RHSA-2024:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2988", "reference_id": "RHSA-2024:2988", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2988" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3479", "reference_id": "RHSA-2024:3479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3634", "reference_id": "RHSA-2024:3634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3635", "reference_id": "RHSA-2024:3635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3636", "reference_id": "RHSA-2024:3636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3918", "reference_id": "RHSA-2024:3918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4010", "reference_id": "RHSA-2024:4010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4151", "reference_id": "RHSA-2024:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4329", "reference_id": "RHSA-2024:4329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4479", "reference_id": "RHSA-2024:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4484", "reference_id": "RHSA-2024:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4597", "reference_id": "RHSA-2024:4597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4662", "reference_id": "RHSA-2024:4662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4955", "reference_id": "RHSA-2024:4955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4959", "reference_id": "RHSA-2024:4959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5200", "reference_id": "RHSA-2024:5200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5432", "reference_id": "RHSA-2024:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5433", "reference_id": "RHSA-2024:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5438", "reference_id": "RHSA-2024:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8235", "reference_id": "RHSA-2024:8235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4664", "reference_id": "RHSA-2025:4664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4664" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93560?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93559?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93561?format=api", "purl": "pkg:deb/debian/erlang@1:25.3.2.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.3.2.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-48795", "GHSA-45x7-px36-x8w8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38u7-pvx6-ayb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58901?format=api", "vulnerability_id": "VCID-64mt-9155-tkbv", "summary": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03832", "scoring_system": "epss", "scoring_elements": "0.88361", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389" }, { "reference_url": "https://curl.se/docs/CVE-2011-3389.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2011-3389.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506", "reference_id": "737506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "reference_url": "https://security.gentoo.org/glsa/201111-02", "reference_id": "GLSA-201111-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-02" }, { "reference_url": "https://security.gentoo.org/glsa/201203-02", "reference_id": "GLSA-201203-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-02" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1380", "reference_id": "RHSA-2011:1380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1384", "reference_id": "RHSA-2011:1384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0006", "reference_id": "RHSA-2012:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0034", "reference_id": "RHSA-2012:0034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0343", "reference_id": "RHSA-2012:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0508", "reference_id": "RHSA-2012:0508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1455", "reference_id": "RHSA-2013:1455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93546?format=api", "purl": "pkg:deb/debian/erlang@1:15.b-dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:15.b-dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-3389" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64mt-9155-tkbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66615?format=api", "vulnerability_id": "VCID-85tq-6shy-hqbz", "summary": "yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09823", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93554?format=api", "purl": "pkg:deb/debian/erlang@1:21.2.6%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:21.2.6%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-12872" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-85tq-6shy-hqbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66611?format=api", "vulnerability_id": "VCID-8asg-twgg-9uac", "summary": "Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67555", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2774" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781839", "reference_id": "781839", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781839" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93549?format=api", "purl": "pkg:deb/debian/erlang@1:17.3-dfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:17.3-dfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-2774" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8asg-twgg-9uac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66628?format=api", "vulnerability_id": "VCID-92ms-9s91-1ff3", "summary": "Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21620.json" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128651", "reference_id": "1128651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128651" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441326", "reference_id": "2441326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441326" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93570?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93571?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21620" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92ms-9s91-1ff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63449?format=api", "vulnerability_id": "VCID-aqqx-g7d3-1yfy", "summary": "Erlang OTP: Erlang OTP public_key: OCSP authorization bypass and information disclosure due to missing signature verification", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32144.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32144.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455896", "reference_id": "2455896", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455896" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93557?format=api", "purl": "pkg:deb/debian/erlang@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93573?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32144" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqqx-g7d3-1yfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66629?format=api", "vulnerability_id": "VCID-d3yq-zqjy-yfh1", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912", "reference_id": "1130912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93570?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93572?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-23941" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3yq-zqjy-yfh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66620?format=api", "vulnerability_id": "VCID-e4ws-u5nw-vbhx", "summary": "Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26618.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346900", "reference_id": "2346900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346900" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93560?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93559?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93563?format=api", "purl": "pkg:deb/debian/erlang@1:27.2.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.2.4%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26618" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ws-u5nw-vbhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66622?format=api", "vulnerability_id": "VCID-jhx8-w919-akbp", "summary": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103442", "reference_id": "1103442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103442" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93560?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93559?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93565?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-32433" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhx8-w919-akbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66619?format=api", "vulnerability_id": "VCID-m276-hmtf-93h5", "summary": "OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53846.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53846.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330624", "reference_id": "2330624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330624" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93557?format=api", "purl": "pkg:deb/debian/erlang@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93562?format=api", "purl": "pkg:deb/debian/erlang@1:27.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-53846" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m276-hmtf-93h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66634?format=api", "vulnerability_id": "VCID-n6dc-39d1-83cr", "summary": "Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in lib/public_key/src/pubkey_ocsp.erl does not check the validity period (notBefore/notAfter) of the OCSP responder certificate. An attacker who has obtained the private key of an expired CA-designated OCSP responder certificate can forge OCSP responses that Erlang/OTP accepts as valid. This affects TLS clients using OCSP stapling via the ssl application: a malicious or compromised server can present a revoked TLS certificate together with a forged OCSP response signed by an expired responder key, and the client will accept the revoked certificate as valid. It also affects applications calling public_key:pkix_ocsp_validate/5 directly, where the impact depends on the use case — server-side client certificate validation using this API may allow authentication bypass with a revoked client certificate. This issue affects OTP from OTP 27.0 before OTP 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.16 before 1.17.1.3, 1.20.3.1, and 1.21.1.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93557?format=api", "purl": "pkg:deb/debian/erlang@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42791" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6dc-39d1-83cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66617?format=api", "vulnerability_id": "VCID-nh1y-j2yz-wyet", "summary": "A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with \"erlsrv.exe\" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11845", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29221" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93557?format=api", "purl": "pkg:deb/debian/erlang@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29221" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nh1y-j2yz-wyet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66616?format=api", "vulnerability_id": "VCID-ps6d-uqp1-hbe9", "summary": "Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76527", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25623" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885311", "reference_id": "1885311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885311" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93555?format=api", "purl": "pkg:deb/debian/erlang@1:23.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25623" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ps6d-uqp1-hbe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66614?format=api", "vulnerability_id": "VCID-q6mc-q5jc-7qaq", "summary": "The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83321", "scoring_system": "epss", "scoring_elements": "0.99287", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000385" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520400", "reference_id": "1520400", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0242", "reference_id": "RHSA-2018:0242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0303", "reference_id": "RHSA-2018:0303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0368", "reference_id": "RHSA-2018:0368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0528", "reference_id": "RHSA-2018:0528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0528" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93553?format=api", "purl": "pkg:deb/debian/erlang@1:20.1.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:20.1.7%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000385" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6mc-q5jc-7qaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66627?format=api", "vulnerability_id": "VCID-ravv-qx9m-kucw", "summary": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090", "reference_id": "1115090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394520", "reference_id": "2394520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93568?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93551?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93550?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48041" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ravv-qx9m-kucw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66618?format=api", "vulnerability_id": "VCID-rnmu-ks1d-dbh4", "summary": "In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37026.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37026.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41925", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024632", "reference_id": "1024632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024632" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141802", "reference_id": "2141802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8857", "reference_id": "RHSA-2022:8857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8857" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93558?format=api", "purl": "pkg:deb/debian/erlang@1:24.3.4.5%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:24.3.4.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-37026" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rnmu-ks1d-dbh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66610?format=api", "vulnerability_id": "VCID-taf5-cn63-efhr", "summary": "Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69499", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1693" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738132", "reference_id": "738132", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738132" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93547?format=api", "purl": "pkg:deb/debian/erlang@1:16.b.3.1-dfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:16.b.3.1-dfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-1693" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-taf5-cn63-efhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66630?format=api", "vulnerability_id": "VCID-uusk-yhkq-2uew", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912", "reference_id": "1130912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93570?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93572?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-23942" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uusk-yhkq-2uew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66613?format=api", "vulnerability_id": "VCID-ws9d-hzqg-suhp", "summary": "An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10253.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10253.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50937", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10253" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433985", "reference_id": "1433985", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433985" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858313", "reference_id": "858313", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93552?format=api", "purl": "pkg:deb/debian/erlang@1:19.2.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:19.2.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10253" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ws9d-hzqg-suhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66624?format=api", "vulnerability_id": "VCID-xj5e-tw9x-v3be", "summary": "Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093", "reference_id": "1115093", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394522", "reference_id": "2394522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394522" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93568?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93551?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93550?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48038" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj5e-tw9x-v3be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5723?format=api", "vulnerability_id": "VCID-xsdb-g1sd-7kdk", "summary": "certificate verification bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38138", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918203", "reference_id": "1918203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918203" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980199", "reference_id": "980199", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980199" }, { "reference_url": "https://security.archlinux.org/ASA-202101-39", "reference_id": "ASA-202101-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-39" }, { "reference_url": "https://security.archlinux.org/AVG-1457", "reference_id": "AVG-1457", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1457" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93556?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35733" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsdb-g1sd-7kdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66609?format=api", "vulnerability_id": "VCID-y5wa-kc42-3bbw", "summary": "The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03371", "scoring_system": "epss", "scoring_elements": "0.87584", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0766" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628456", "reference_id": "628456", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93542?format=api", "purl": "pkg:deb/debian/erlang@1:14.b.3-dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:14.b.3-dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93543?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-dccw-cx8r-r7a1" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" }, { "vulnerability": "VCID-yyfx-f783-fqgk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93541?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-b3hg-mjga-nbg1" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93545?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uh8-nhph-gfb6" }, { "vulnerability": "VCID-883b-48uw-6yag" }, { "vulnerability": "VCID-aqqx-g7d3-1yfy" }, { "vulnerability": "VCID-dazh-ypb5-akfp" }, { "vulnerability": "VCID-n6dc-39d1-83cr" }, { "vulnerability": "VCID-ryy7-f45d-yyhv" }, { "vulnerability": "VCID-wsby-unw4-zqe7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93544?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0766" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5wa-kc42-3bbw" } ], "risk_score": "3.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }