Package List
Lookup for vulnerable packages by Package URL.
GET /api/packages/?format=api&page=2
{ "count": 1067047, "next": "http://public2.vulnerablecode.io/api/packages/?format=api&page=3", "previous": "http://public2.vulnerablecode.io/api/packages/?format=api", "results": [ { "url": "http://public2.vulnerablecode.io/api/packages/372963?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1.P2-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.1.P2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.11.2.P1-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71886?format=api", "vulnerability_id": "VCID-ddg3-vmpb-cbhs", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3142.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89613", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89652", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89629", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.8963", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89647", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89653", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.8966", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89658", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89616", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01504" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190830-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190830-0003/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3904" }, { "reference_url": "http://www.securityfocus.com/bid/99339", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99339" }, { "reference_url": "http://www.securitytracker.com/id/1038809", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038809" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466189", "reference_id": "1466189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466189" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564", "reference_id": "866564", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564" }, { "reference_url": "https://security.archlinux.org/ASA-201707-3", "reference_id": "ASA-201707-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-3" }, { "reference_url": "https://security.archlinux.org/AVG-335", "reference_id": "AVG-335", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-335" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3142", "reference_id": "CVE-2017-3142", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1679", "reference_id": "RHSA-2017:1679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1680", "reference_id": "RHSA-2017:1680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1680" }, { "reference_url": "https://usn.ubuntu.com/3346-1/", "reference_id": "USN-3346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3346-1/" }, { "reference_url": "https://usn.ubuntu.com/3346-3/", "reference_id": "USN-3346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372963?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1.P2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1" } ], "aliases": [ "CVE-2017-3142" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddg3-vmpb-cbhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71887?format=api", "vulnerability_id": "VCID-tg7b-ra4c-cue1", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96329", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96364", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96345", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96353", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96357", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96361", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:C/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01503" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190830-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190830-0003/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3904" }, { "reference_url": "http://www.securityfocus.com/bid/99337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99337" }, { "reference_url": "http://www.securitytracker.com/id/1038809", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038809" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466193", "reference_id": "1466193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564", "reference_id": "866564", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564" }, { "reference_url": "https://security.archlinux.org/ASA-201707-3", "reference_id": "ASA-201707-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-3" }, { "reference_url": "https://security.archlinux.org/AVG-335", "reference_id": "AVG-335", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-335" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3143", "reference_id": "CVE-2017-3143", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1679", "reference_id": "RHSA-2017:1679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1680", "reference_id": "RHSA-2017:1680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1680" }, { "reference_url": "https://usn.ubuntu.com/3346-1/", "reference_id": "USN-3346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3346-1/" }, { "reference_url": "https://usn.ubuntu.com/3346-3/", "reference_id": "USN-3346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372963?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1.P2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1" } ], "aliases": [ "CVE-2017-3143" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7b-ra4c-cue1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372809?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.2-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.11.2.P1-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71888?format=api", "vulnerability_id": "VCID-s9ua-j61v-jbch", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3145.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3145.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92054", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92087", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92088", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92092", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.9206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92069", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92072", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92084", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534812", "reference_id": "1534812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534812" }, { "reference_url": "https://security.archlinux.org/ASA-201801-16", "reference_id": "ASA-201801-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-16" }, { "reference_url": "https://security.archlinux.org/AVG-589", "reference_id": "AVG-589", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0101", "reference_id": "RHSA-2018:0101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0102", "reference_id": "RHSA-2018:0102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0487", "reference_id": "RHSA-2018:0487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0488", "reference_id": "RHSA-2018:0488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0488" }, { "reference_url": "https://usn.ubuntu.com/3535-1/", "reference_id": "USN-3535-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3535-1/" }, { "reference_url": "https://usn.ubuntu.com/3535-2/", "reference_id": "USN-3535-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3535-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372810?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.2.P1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.2.P1-1" } ], "aliases": [ "CVE-2017-3145" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ua-j61v-jbch" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372810?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.2.P1-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.2.P1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.12.1.P2-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71888?format=api", "vulnerability_id": "VCID-s9ua-j61v-jbch", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3145.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3145.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92054", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92087", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92088", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92092", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.9206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92069", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92072", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0799", "scoring_system": "epss", "scoring_elements": "0.92084", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534812", "reference_id": "1534812", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534812" }, { "reference_url": "https://security.archlinux.org/ASA-201801-16", "reference_id": "ASA-201801-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-16" }, { "reference_url": "https://security.archlinux.org/AVG-589", "reference_id": "AVG-589", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0101", "reference_id": "RHSA-2018:0101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0102", "reference_id": "RHSA-2018:0102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0487", "reference_id": "RHSA-2018:0487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0488", "reference_id": "RHSA-2018:0488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0488" }, { "reference_url": "https://usn.ubuntu.com/3535-1/", "reference_id": "USN-3535-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3535-1/" }, { "reference_url": "https://usn.ubuntu.com/3535-2/", "reference_id": "USN-3535-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3535-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372810?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.2.P1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.2.P1-1" } ], "aliases": [ "CVE-2017-3145" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ua-j61v-jbch" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.2.P1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374385?format=api", "purl": "pkg:alpm/archlinux/bind@9.12.1-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.12.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.12.1.P2-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83448?format=api", "vulnerability_id": "VCID-29ng-3xgz-hbh5", "summary": "bind: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97457", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97482", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97476", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97479", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97464", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97468", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97475", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5736" }, { "reference_url": "https://kb.isc.org/docs/aa-01602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01602" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0004/" }, { "reference_url": "http://www.securityfocus.com/bid/104386", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104386" }, { "reference_url": "http://www.securitytracker.com/id/1040941", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040941" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578591", "reference_id": "1578591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578591" }, { "reference_url": "https://security.archlinux.org/ASA-201805-20", "reference_id": "ASA-201805-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-20" }, { "reference_url": "https://security.archlinux.org/AVG-706", "reference_id": "AVG-706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-706" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5736", "reference_id": "CVE-2018-5736", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5736" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374386?format=api", "purl": "pkg:alpm/archlinux/bind@9.12.1.P2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1" } ], "aliases": [ "CVE-2018-5736" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29ng-3xgz-hbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83449?format=api", "vulnerability_id": "VCID-5pz4-bxq7-27gh", "summary": "bind: Interaction between NSEC aggresive negative caching and the serve-stale feature can cause a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.7874", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78791", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78787", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78794", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78748", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78761", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5737" }, { "reference_url": "https://kb.isc.org/docs/aa-01606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01606" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0004/" }, { "reference_url": "http://www.securityfocus.com/bid/104236", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104236" }, { "reference_url": "http://www.securitytracker.com/id/1040942", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040942" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578593", "reference_id": "1578593", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578593" }, { "reference_url": "https://security.archlinux.org/ASA-201805-20", "reference_id": "ASA-201805-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-20" }, { "reference_url": "https://security.archlinux.org/AVG-706", "reference_id": "AVG-706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-706" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5737", "reference_id": "CVE-2018-5737", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5737" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374386?format=api", "purl": "pkg:alpm/archlinux/bind@9.12.1.P2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1" } ], "aliases": [ "CVE-2018-5737" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pz4-bxq7-27gh" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374386?format=api", "purl": "pkg:alpm/archlinux/bind@9.12.1.P2-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.12.1.P2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.13.2-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83448?format=api", "vulnerability_id": "VCID-29ng-3xgz-hbh5", "summary": "bind: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97457", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97482", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97476", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97479", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97464", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97468", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.42906", "scoring_system": "epss", "scoring_elements": "0.97475", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5736" }, { "reference_url": "https://kb.isc.org/docs/aa-01602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01602" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0004/" }, { "reference_url": "http://www.securityfocus.com/bid/104386", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104386" }, { "reference_url": "http://www.securitytracker.com/id/1040941", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040941" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578591", "reference_id": "1578591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578591" }, { "reference_url": "https://security.archlinux.org/ASA-201805-20", "reference_id": "ASA-201805-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-20" }, { "reference_url": "https://security.archlinux.org/AVG-706", "reference_id": "AVG-706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-706" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5736", "reference_id": "CVE-2018-5736", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5736" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374386?format=api", "purl": "pkg:alpm/archlinux/bind@9.12.1.P2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1" } ], "aliases": [ "CVE-2018-5736" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29ng-3xgz-hbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83449?format=api", "vulnerability_id": "VCID-5pz4-bxq7-27gh", "summary": "bind: Interaction between NSEC aggresive negative caching and the serve-stale feature can cause a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.7874", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78791", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78787", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78794", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78748", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01186", "scoring_system": "epss", "scoring_elements": "0.78761", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5737" }, { "reference_url": "https://kb.isc.org/docs/aa-01606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01606" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0004/" }, { "reference_url": "http://www.securityfocus.com/bid/104236", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104236" }, { "reference_url": "http://www.securitytracker.com/id/1040942", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040942" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578593", "reference_id": "1578593", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578593" }, { "reference_url": "https://security.archlinux.org/ASA-201805-20", "reference_id": "ASA-201805-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-20" }, { "reference_url": "https://security.archlinux.org/AVG-706", "reference_id": "AVG-706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-706" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5737", "reference_id": "CVE-2018-5737", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5737" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374386?format=api", "purl": "pkg:alpm/archlinux/bind@9.12.1.P2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1" } ], "aliases": [ "CVE-2018-5737" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pz4-bxq7-27gh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374383?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.0-2", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.13.0-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.13.2-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46956?format=api", "vulnerability_id": "VCID-3kvk-745c-tfaf", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87181", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87235", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87205", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87246", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87239", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87191", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87208", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/aa-01616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01616" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190830-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190830-0002/" }, { "reference_url": "http://www.securitytracker.com/id/1041115", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041115" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589616", "reference_id": "1589616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589616" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483", "reference_id": "901483", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483" }, { "reference_url": "https://security.archlinux.org/AVG-718", "reference_id": "AVG-718", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-718" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5738", "reference_id": "CVE-2018-5738", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5738" }, { "reference_url": "https://security.gentoo.org/glsa/201903-13", "reference_id": "GLSA-201903-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-13" }, { "reference_url": "https://usn.ubuntu.com/3683-1/", "reference_id": "USN-3683-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3683-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374384?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.2-1" } ], "aliases": [ "CVE-2018-5738" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kvk-745c-tfaf" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/374384?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.2-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.13.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.13.7-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46956?format=api", "vulnerability_id": "VCID-3kvk-745c-tfaf", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87181", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87235", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87205", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87246", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87239", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87191", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03303", "scoring_system": "epss", "scoring_elements": "0.87208", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/aa-01616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01616" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190830-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190830-0002/" }, { "reference_url": "http://www.securitytracker.com/id/1041115", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041115" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589616", "reference_id": "1589616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589616" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483", "reference_id": "901483", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483" }, { "reference_url": "https://security.archlinux.org/AVG-718", "reference_id": "AVG-718", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-718" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5738", "reference_id": "CVE-2018-5738", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5738" }, { "reference_url": "https://security.gentoo.org/glsa/201903-13", "reference_id": "GLSA-201903-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-13" }, { "reference_url": "https://usn.ubuntu.com/3683-1/", "reference_id": "USN-3683-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3683-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374384?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.2-1" } ], "aliases": [ "CVE-2018-5738" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kvk-745c-tfaf" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372561?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.5-5", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.13.5-5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.13.7-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77399?format=api", "vulnerability_id": "VCID-4sf3-myam-p3bp", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6465.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79523", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79571", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79538", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79566", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79573", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79579", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79529", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79551", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2019-6465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2019-6465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679304", "reference_id": "1679304", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679304" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922955", "reference_id": "922955", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922955" }, { "reference_url": "https://security.archlinux.org/ASA-201902-25", "reference_id": "ASA-201902-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-25" }, { "reference_url": "https://security.archlinux.org/AVG-915", "reference_id": "AVG-915", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-915" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6465", "reference_id": "CVE-2019-6465", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3552", "reference_id": "RHSA-2019:3552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1061", "reference_id": "RHSA-2020:1061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1061" }, { "reference_url": "https://usn.ubuntu.com/3893-1/", "reference_id": "USN-3893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-1/" }, { "reference_url": "https://usn.ubuntu.com/3893-2/", "reference_id": "USN-3893-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372562?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1" } ], "aliases": [ "CVE-2019-6465" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf3-myam-p3bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82769?format=api", "vulnerability_id": "VCID-e8xu-cq82-x3bw", "summary": "bind: A specially crafted packet can cause named to leak memory", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5744.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.88999", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89052", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89024", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89059", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89055", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89007", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89022", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2018-5744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2018-5744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679299", "reference_id": "1679299", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679299" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953", "reference_id": "922953", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953" }, { "reference_url": "https://security.archlinux.org/ASA-201902-25", "reference_id": "ASA-201902-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-25" }, { "reference_url": "https://security.archlinux.org/AVG-915", "reference_id": "AVG-915", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-915" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5744", "reference_id": "CVE-2018-5744", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5744" }, { "reference_url": "https://usn.ubuntu.com/3893-1/", "reference_id": "USN-3893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372562?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1" } ], "aliases": [ "CVE-2018-5744" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8xu-cq82-x3bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77398?format=api", "vulnerability_id": "VCID-sna2-5cuy-4fa2", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5745.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5745.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67154", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67276", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67382", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2018-5745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2018-5745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679303", "reference_id": "1679303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679303" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954", "reference_id": "922954", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954" }, { "reference_url": "https://security.archlinux.org/ASA-201902-25", "reference_id": "ASA-201902-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-25" }, { "reference_url": "https://security.archlinux.org/AVG-915", "reference_id": "AVG-915", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-915" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5745", "reference_id": "CVE-2018-5745", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:P" }, { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3552", "reference_id": "RHSA-2019:3552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1061", "reference_id": "RHSA-2020:1061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1061" }, { "reference_url": "https://usn.ubuntu.com/3893-1/", "reference_id": "USN-3893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-1/" }, { "reference_url": "https://usn.ubuntu.com/3893-2/", "reference_id": "USN-3893-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372562?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1" } ], "aliases": [ "CVE-2018-5745" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sna2-5cuy-4fa2" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.5-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/372562?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.7-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.13.7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.14.7-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77399?format=api", "vulnerability_id": "VCID-4sf3-myam-p3bp", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6465.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79523", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79571", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79538", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79566", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79573", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79579", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79529", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0128", "scoring_system": "epss", "scoring_elements": "0.79551", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2019-6465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2019-6465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679304", "reference_id": "1679304", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679304" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922955", "reference_id": "922955", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922955" }, { "reference_url": "https://security.archlinux.org/ASA-201902-25", "reference_id": "ASA-201902-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-25" }, { "reference_url": "https://security.archlinux.org/AVG-915", "reference_id": "AVG-915", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-915" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6465", "reference_id": "CVE-2019-6465", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3552", "reference_id": "RHSA-2019:3552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1061", "reference_id": "RHSA-2020:1061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1061" }, { "reference_url": "https://usn.ubuntu.com/3893-1/", "reference_id": "USN-3893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-1/" }, { "reference_url": "https://usn.ubuntu.com/3893-2/", "reference_id": "USN-3893-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372562?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1" } ], "aliases": [ "CVE-2019-6465" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf3-myam-p3bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82769?format=api", "vulnerability_id": "VCID-e8xu-cq82-x3bw", "summary": "bind: A specially crafted packet can cause named to leak memory", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5744.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5744.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5744", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.88999", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89052", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89024", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89059", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89055", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89007", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04441", "scoring_system": "epss", "scoring_elements": "0.89022", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2018-5744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2018-5744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679299", "reference_id": "1679299", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679299" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953", "reference_id": "922953", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953" }, { "reference_url": "https://security.archlinux.org/ASA-201902-25", "reference_id": "ASA-201902-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-25" }, { "reference_url": "https://security.archlinux.org/AVG-915", "reference_id": "AVG-915", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-915" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5744", "reference_id": "CVE-2018-5744", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5744" }, { "reference_url": "https://usn.ubuntu.com/3893-1/", "reference_id": "USN-3893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372562?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1" } ], "aliases": [ "CVE-2018-5744" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8xu-cq82-x3bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77398?format=api", "vulnerability_id": "VCID-sna2-5cuy-4fa2", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5745.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5745.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67154", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67276", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0053", "scoring_system": "epss", "scoring_elements": "0.67262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67382", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2018-5745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2018-5745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679303", "reference_id": "1679303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679303" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954", "reference_id": "922954", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954" }, { "reference_url": "https://security.archlinux.org/ASA-201902-25", "reference_id": "ASA-201902-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-25" }, { "reference_url": "https://security.archlinux.org/AVG-915", "reference_id": "AVG-915", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-915" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5745", "reference_id": "CVE-2018-5745", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:P" }, { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3552", "reference_id": "RHSA-2019:3552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1061", "reference_id": "RHSA-2020:1061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1061" }, { "reference_url": "https://usn.ubuntu.com/3893-1/", "reference_id": "USN-3893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-1/" }, { "reference_url": "https://usn.ubuntu.com/3893-2/", "reference_id": "USN-3893-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3893-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372562?format=api", "purl": "pkg:alpm/archlinux/bind@9.13.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1" } ], "aliases": [ "CVE-2018-5745" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sna2-5cuy-4fa2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374271?format=api", "purl": "pkg:alpm/archlinux/bind@9.14.6-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.14.6-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.14.7-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81911?format=api", "vulnerability_id": "VCID-7mbz-t9jk-juca", "summary": "bind: A flaw in mirror zone validity checking can allow zone data to be spoofed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70069", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70009", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70057", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70073", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70096", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70082", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70018", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70033", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2019-6475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2019-6475" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191024-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191024-0004/" }, { "reference_url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762914", "reference_id": "1762914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762914" }, { "reference_url": "https://security.archlinux.org/AVG-1056", "reference_id": "AVG-1056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1056" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6475", "reference_id": "CVE-2019-6475", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374272?format=api", "purl": "pkg:alpm/archlinux/bind@9.14.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1" } ], "aliases": [ "CVE-2019-6475" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7mbz-t9jk-juca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81912?format=api", "vulnerability_id": "VCID-cufc-v1hn-jbdn", "summary": "bind: An error in QNAME minimization code can cause BIND to exit with an assertion failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6476.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79427", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79476", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79445", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79481", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79503", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79434", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79458", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6476" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2019-6476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2019-6476" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191024-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191024-0004/" }, { "reference_url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762957", "reference_id": "1762957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762957" }, { "reference_url": "https://security.archlinux.org/AVG-1056", "reference_id": "AVG-1056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1056" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6476", "reference_id": "CVE-2019-6476", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374272?format=api", "purl": "pkg:alpm/archlinux/bind@9.14.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1" } ], "aliases": [ "CVE-2019-6476" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cufc-v1hn-jbdn" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.6-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374272?format=api", "purl": "pkg:alpm/archlinux/bind@9.14.7-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.14.7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.16.4-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81911?format=api", "vulnerability_id": "VCID-7mbz-t9jk-juca", "summary": "bind: A flaw in mirror zone validity checking can allow zone data to be spoofed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70069", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70009", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70057", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70073", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70096", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70082", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70018", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70033", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2019-6475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2019-6475" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191024-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191024-0004/" }, { "reference_url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762914", "reference_id": "1762914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762914" }, { "reference_url": "https://security.archlinux.org/AVG-1056", "reference_id": "AVG-1056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1056" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6475", "reference_id": "CVE-2019-6475", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374272?format=api", "purl": "pkg:alpm/archlinux/bind@9.14.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1" } ], "aliases": [ "CVE-2019-6475" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7mbz-t9jk-juca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81912?format=api", "vulnerability_id": "VCID-cufc-v1hn-jbdn", "summary": "bind: An error in QNAME minimization code can cause BIND to exit with an assertion failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6476.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79427", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79476", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79445", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79481", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79503", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79434", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01269", "scoring_system": "epss", "scoring_elements": "0.79458", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6476" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/cve-2019-6476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/cve-2019-6476" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191024-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191024-0004/" }, { "reference_url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&%3Butm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support&%3Butm_medium=RSS" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762957", "reference_id": "1762957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1762957" }, { "reference_url": "https://security.archlinux.org/AVG-1056", "reference_id": "AVG-1056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1056" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6476", "reference_id": "CVE-2019-6476", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374272?format=api", "purl": "pkg:alpm/archlinux/bind@9.14.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1" } ], "aliases": [ "CVE-2019-6476" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cufc-v1hn-jbdn" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372381?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.2-2", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.2-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.16.4-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79771?format=api", "vulnerability_id": "VCID-e5ez-2bba-zke3", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89736", "scoring_system": "epss", "scoring_elements": "0.99565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.89736", "scoring_system": "epss", "scoring_elements": "0.99566", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.89827", "scoring_system": "epss", "scoring_elements": "0.99567", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.92629", "scoring_system": "epss", "scoring_elements": "0.99745", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92629", "scoring_system": "epss", "scoring_elements": "0.99746", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836124", "reference_id": "1836124", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836124" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939", "reference_id": "961939", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939" }, { "reference_url": "https://security.archlinux.org/ASA-202005-13", "reference_id": "ASA-202005-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-13" }, { "reference_url": "https://security.archlinux.org/AVG-1165", "reference_id": "AVG-1165", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1165" }, { "reference_url": "https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py", "reference_id": "CVE-2020-8617", "reference_type": "exploit", "scores": [], "url": "https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py", "reference_id": "CVE-2020-8617", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2338", "reference_id": "RHSA-2020:2338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2344", "reference_id": "RHSA-2020:2344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2345", "reference_id": "RHSA-2020:2345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2383", "reference_id": "RHSA-2020:2383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2404", "reference_id": "RHSA-2020:2404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2893", "reference_id": "RHSA-2020:2893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3378", "reference_id": "RHSA-2020:3378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3379", "reference_id": "RHSA-2020:3379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3433", "reference_id": "RHSA-2020:3433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3470", "reference_id": "RHSA-2020:3470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3471", "reference_id": "RHSA-2020:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3475", "reference_id": "RHSA-2020:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3475" }, { "reference_url": "https://usn.ubuntu.com/4365-1/", "reference_id": "USN-4365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4365-1/" }, { "reference_url": "https://usn.ubuntu.com/4365-2/", "reference_id": "USN-4365-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4365-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372382?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmy-rkkq-mkgj" }, { "vulnerability": "VCID-qknq-wu95-6ba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1" } ], "aliases": [ "CVE-2020-8617" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5ez-2bba-zke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79770?format=api", "vulnerability_id": "VCID-tg21-xnsh-t7c3", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8616.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1534", "scoring_system": "epss", "scoring_elements": "0.946", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1534", "scoring_system": "epss", "scoring_elements": "0.94615", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1534", "scoring_system": "epss", "scoring_elements": "0.94608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.9537", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.95373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.95377", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.95363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.9538", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836118", "reference_id": "1836118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836118" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939", "reference_id": "961939", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939" }, { "reference_url": "https://security.archlinux.org/ASA-202005-13", "reference_id": "ASA-202005-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-13" }, { "reference_url": "https://security.archlinux.org/AVG-1165", "reference_id": "AVG-1165", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2338", "reference_id": "RHSA-2020:2338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2344", "reference_id": "RHSA-2020:2344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2345", "reference_id": "RHSA-2020:2345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2383", "reference_id": "RHSA-2020:2383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2404", "reference_id": "RHSA-2020:2404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3272", "reference_id": "RHSA-2020:3272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3378", "reference_id": "RHSA-2020:3378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3379", "reference_id": "RHSA-2020:3379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3433", "reference_id": "RHSA-2020:3433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3470", "reference_id": "RHSA-2020:3470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3471", "reference_id": "RHSA-2020:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3475", "reference_id": "RHSA-2020:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3475" }, { "reference_url": "https://usn.ubuntu.com/4365-1/", "reference_id": "USN-4365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4365-1/" }, { "reference_url": "https://usn.ubuntu.com/4365-2/", "reference_id": "USN-4365-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4365-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372382?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmy-rkkq-mkgj" }, { "vulnerability": "VCID-qknq-wu95-6ba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1" } ], "aliases": [ "CVE-2020-8616" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tg21-xnsh-t7c3" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.2-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/372382?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.3-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.16.4-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81149?format=api", "vulnerability_id": "VCID-gqmy-rkkq-mkgj", "summary": "bind: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.7965", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79721", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79704", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79656", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79664", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79692", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.797", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847242", "reference_id": "1847242", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847242" }, { "reference_url": "https://security.archlinux.org/ASA-202006-13", "reference_id": "ASA-202006-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-13" }, { "reference_url": "https://security.archlinux.org/AVG-1191", "reference_id": "AVG-1191", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1191" }, { "reference_url": "https://usn.ubuntu.com/4399-1/", "reference_id": "USN-4399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374239?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1" } ], "aliases": [ "CVE-2020-8618" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqmy-rkkq-mkgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81150?format=api", "vulnerability_id": "VCID-qknq-wu95-6ba7", "summary": "bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8619.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8619.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91367", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91417", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91415", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91373", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91383", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91391", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91409", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847244", "reference_id": "1847244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847244" }, { "reference_url": "https://security.archlinux.org/ASA-202006-13", "reference_id": "ASA-202006-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-13" }, { "reference_url": "https://security.archlinux.org/AVG-1191", "reference_id": "AVG-1191", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4500", "reference_id": "RHSA-2020:4500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4500" }, { "reference_url": "https://usn.ubuntu.com/4399-1/", "reference_id": "USN-4399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374239?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1" } ], "aliases": [ "CVE-2020-8619" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qknq-wu95-6ba7" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79771?format=api", "vulnerability_id": "VCID-e5ez-2bba-zke3", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89736", "scoring_system": "epss", "scoring_elements": "0.99565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.89736", "scoring_system": "epss", "scoring_elements": "0.99566", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.89827", "scoring_system": "epss", "scoring_elements": "0.99567", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.92629", "scoring_system": "epss", "scoring_elements": "0.99745", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.92629", "scoring_system": "epss", "scoring_elements": "0.99746", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836124", "reference_id": "1836124", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836124" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939", "reference_id": "961939", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939" }, { "reference_url": "https://security.archlinux.org/ASA-202005-13", "reference_id": "ASA-202005-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-13" }, { "reference_url": "https://security.archlinux.org/AVG-1165", "reference_id": "AVG-1165", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1165" }, { "reference_url": "https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py", "reference_id": "CVE-2020-8617", "reference_type": "exploit", "scores": [], "url": "https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py", "reference_id": "CVE-2020-8617", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2338", "reference_id": "RHSA-2020:2338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2344", "reference_id": "RHSA-2020:2344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2345", "reference_id": "RHSA-2020:2345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2383", "reference_id": "RHSA-2020:2383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2404", "reference_id": "RHSA-2020:2404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2893", "reference_id": "RHSA-2020:2893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3378", "reference_id": "RHSA-2020:3378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3379", "reference_id": "RHSA-2020:3379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3433", "reference_id": "RHSA-2020:3433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3470", "reference_id": "RHSA-2020:3470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3471", "reference_id": "RHSA-2020:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3475", "reference_id": "RHSA-2020:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3475" }, { "reference_url": "https://usn.ubuntu.com/4365-1/", "reference_id": "USN-4365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4365-1/" }, { "reference_url": "https://usn.ubuntu.com/4365-2/", "reference_id": "USN-4365-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4365-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372382?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmy-rkkq-mkgj" }, { "vulnerability": "VCID-qknq-wu95-6ba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1" } ], "aliases": [ "CVE-2020-8617" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5ez-2bba-zke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79770?format=api", "vulnerability_id": "VCID-tg21-xnsh-t7c3", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8616.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1534", "scoring_system": "epss", "scoring_elements": "0.946", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1534", "scoring_system": "epss", "scoring_elements": "0.94615", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1534", "scoring_system": "epss", "scoring_elements": "0.94608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.9537", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.95373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.95377", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.95363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.19393", "scoring_system": "epss", "scoring_elements": "0.9538", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836118", "reference_id": "1836118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836118" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939", "reference_id": "961939", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939" }, { "reference_url": "https://security.archlinux.org/ASA-202005-13", "reference_id": "ASA-202005-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-13" }, { "reference_url": "https://security.archlinux.org/AVG-1165", "reference_id": "AVG-1165", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2338", "reference_id": "RHSA-2020:2338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2344", "reference_id": "RHSA-2020:2344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2345", "reference_id": "RHSA-2020:2345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2383", "reference_id": "RHSA-2020:2383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2404", "reference_id": "RHSA-2020:2404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3272", "reference_id": "RHSA-2020:3272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3378", "reference_id": "RHSA-2020:3378", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3378" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3379", "reference_id": "RHSA-2020:3379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3433", "reference_id": "RHSA-2020:3433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3470", "reference_id": "RHSA-2020:3470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3471", "reference_id": "RHSA-2020:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3475", "reference_id": "RHSA-2020:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3475" }, { "reference_url": "https://usn.ubuntu.com/4365-1/", "reference_id": "USN-4365-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4365-1/" }, { "reference_url": "https://usn.ubuntu.com/4365-2/", "reference_id": "USN-4365-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4365-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372382?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmy-rkkq-mkgj" }, { "vulnerability": "VCID-qknq-wu95-6ba7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1" } ], "aliases": [ "CVE-2020-8616" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tg21-xnsh-t7c3" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374239?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.4-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.4-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.16.12-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81149?format=api", "vulnerability_id": "VCID-gqmy-rkkq-mkgj", "summary": "bind: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.7965", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79721", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79704", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79656", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79664", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.79692", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.797", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847242", "reference_id": "1847242", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847242" }, { "reference_url": "https://security.archlinux.org/ASA-202006-13", "reference_id": "ASA-202006-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-13" }, { "reference_url": "https://security.archlinux.org/AVG-1191", "reference_id": "AVG-1191", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1191" }, { "reference_url": "https://usn.ubuntu.com/4399-1/", "reference_id": "USN-4399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374239?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1" } ], "aliases": [ "CVE-2020-8618" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqmy-rkkq-mkgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81150?format=api", "vulnerability_id": "VCID-qknq-wu95-6ba7", "summary": "bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8619.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8619.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91367", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91417", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91415", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91373", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91383", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91391", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06931", "scoring_system": "epss", "scoring_elements": "0.91409", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847244", "reference_id": "1847244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847244" }, { "reference_url": "https://security.archlinux.org/ASA-202006-13", "reference_id": "ASA-202006-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-13" }, { "reference_url": "https://security.archlinux.org/AVG-1191", "reference_id": "AVG-1191", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4500", "reference_id": "RHSA-2020:4500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4500" }, { "reference_url": "https://usn.ubuntu.com/4399-1/", "reference_id": "USN-4399-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4399-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374239?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1" } ], "aliases": [ "CVE-2020-8619" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qknq-wu95-6ba7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372181?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.11-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.11-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.16.12-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80573?format=api", "vulnerability_id": "VCID-4nrz-wm5t-z3g5", "summary": "bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8625.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8625.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96269", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96308", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96301", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96305", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96284", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96297", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928486", "reference_id": "1928486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928486" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004", "reference_id": "983004", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004" }, { "reference_url": "https://security.archlinux.org/ASA-202102-40", "reference_id": "ASA-202102-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-40" }, { "reference_url": "https://security.archlinux.org/AVG-1589", "reference_id": "AVG-1589", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0669", "reference_id": "RHSA-2021:0669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0670", "reference_id": "RHSA-2021:0670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0671", "reference_id": "RHSA-2021:0671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0672", "reference_id": "RHSA-2021:0672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0691", "reference_id": "RHSA-2021:0691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0692", "reference_id": "RHSA-2021:0692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0693", "reference_id": "RHSA-2021:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0694", "reference_id": "RHSA-2021:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0727", "reference_id": "RHSA-2021:0727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0922", "reference_id": "RHSA-2021:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0922" }, { "reference_url": "https://usn.ubuntu.com/4737-1/", "reference_id": "USN-4737-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4737-1/" }, { "reference_url": "https://usn.ubuntu.com/4737-2/", "reference_id": "USN-4737-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4737-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372182?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.12-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.12-1" } ], "aliases": [ "CVE-2020-8625" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nrz-wm5t-z3g5" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.11-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372182?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.12-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.12-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.16.15-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80573?format=api", "vulnerability_id": "VCID-4nrz-wm5t-z3g5", "summary": "bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8625.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8625.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96269", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96308", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96301", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96305", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96284", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.26304", "scoring_system": "epss", "scoring_elements": "0.96297", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928486", "reference_id": "1928486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928486" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004", "reference_id": "983004", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004" }, { "reference_url": "https://security.archlinux.org/ASA-202102-40", "reference_id": "ASA-202102-40", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-40" }, { "reference_url": "https://security.archlinux.org/AVG-1589", "reference_id": "AVG-1589", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0669", "reference_id": "RHSA-2021:0669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0670", "reference_id": "RHSA-2021:0670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0671", "reference_id": "RHSA-2021:0671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0672", "reference_id": "RHSA-2021:0672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0691", "reference_id": "RHSA-2021:0691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0692", "reference_id": "RHSA-2021:0692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0693", "reference_id": "RHSA-2021:0693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0694", "reference_id": "RHSA-2021:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0727", "reference_id": "RHSA-2021:0727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0922", "reference_id": "RHSA-2021:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0922" }, { "reference_url": "https://usn.ubuntu.com/4737-1/", "reference_id": "USN-4737-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4737-1/" }, { "reference_url": "https://usn.ubuntu.com/4737-2/", "reference_id": "USN-4737-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4737-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372182?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.12-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.12-1" } ], "aliases": [ "CVE-2020-8625" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nrz-wm5t-z3g5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.12-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372104?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.13-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.13-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.16.15-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80330?format=api", "vulnerability_id": "VCID-7kh5-ba54-z3gy", "summary": "bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81002", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81086", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81034", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81068", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953857", "reference_id": "1953857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953857" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987742", "reference_id": "987742", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987742" }, { "reference_url": "https://security.archlinux.org/ASA-202104-10", "reference_id": "ASA-202104-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202104-10" }, { "reference_url": "https://security.archlinux.org/AVG-1890", "reference_id": "AVG-1890", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1468", "reference_id": "RHSA-2021:1468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1469", "reference_id": "RHSA-2021:1469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1475", "reference_id": "RHSA-2021:1475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1476", "reference_id": "RHSA-2021:1476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1477", "reference_id": "RHSA-2021:1477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1478", "reference_id": "RHSA-2021:1478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1479", "reference_id": "RHSA-2021:1479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1989", "reference_id": "RHSA-2021:1989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2024", "reference_id": "RHSA-2021:2024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2028", "reference_id": "RHSA-2021:2028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2028" }, { "reference_url": "https://usn.ubuntu.com/4929-1/", "reference_id": "USN-4929-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4929-1/" }, { "reference_url": "https://usn.ubuntu.com/7739-1/", "reference_id": "USN-7739-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7739-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372105?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.15-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1" } ], "aliases": [ "CVE-2021-25215" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh5-ba54-z3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80329?format=api", "vulnerability_id": "VCID-pjk7-r6yh-ufak", "summary": "bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73117", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73196", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73177", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73158", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73172", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953849", "reference_id": "1953849", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953849" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987741", "reference_id": "987741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987741" }, { "reference_url": "https://security.archlinux.org/ASA-202104-10", "reference_id": "ASA-202104-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202104-10" }, { "reference_url": "https://security.archlinux.org/AVG-1890", "reference_id": "AVG-1890", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3325", "reference_id": "RHSA-2021:3325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4384", "reference_id": "RHSA-2021:4384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4384" }, { "reference_url": "https://usn.ubuntu.com/4929-1/", "reference_id": "USN-4929-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4929-1/" }, { "reference_url": "https://usn.ubuntu.com/7739-1/", "reference_id": "USN-7739-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7739-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372105?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.15-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1" } ], "aliases": [ "CVE-2021-25214" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjk7-r6yh-ufak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80331?format=api", "vulnerability_id": "VCID-rd8n-tcus-zyg3", "summary": "bind: Vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25216.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96416", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.9645", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96443", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96423", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96427", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96431", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96439", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953872", "reference_id": "1953872", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953872" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743", "reference_id": "987743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743" }, { "reference_url": "https://security.archlinux.org/ASA-202104-10", "reference_id": "ASA-202104-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202104-10" }, { "reference_url": "https://security.archlinux.org/AVG-1890", "reference_id": "AVG-1890", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1890" }, { "reference_url": "https://usn.ubuntu.com/4929-1/", "reference_id": "USN-4929-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4929-1/" }, { "reference_url": "https://usn.ubuntu.com/7739-1/", "reference_id": "USN-7739-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7739-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372105?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.15-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1" } ], "aliases": [ "CVE-2021-25216" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8n-tcus-zyg3" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.13-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372105?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.15-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.15-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.16.20-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80330?format=api", "vulnerability_id": "VCID-7kh5-ba54-z3gy", "summary": "bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81002", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81086", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81034", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01493", "scoring_system": "epss", "scoring_elements": "0.81068", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953857", "reference_id": "1953857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953857" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987742", "reference_id": "987742", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987742" }, { "reference_url": "https://security.archlinux.org/ASA-202104-10", "reference_id": "ASA-202104-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202104-10" }, { "reference_url": "https://security.archlinux.org/AVG-1890", "reference_id": "AVG-1890", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1468", "reference_id": "RHSA-2021:1468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1469", "reference_id": "RHSA-2021:1469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1475", "reference_id": "RHSA-2021:1475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1476", "reference_id": "RHSA-2021:1476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1477", "reference_id": "RHSA-2021:1477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1478", "reference_id": "RHSA-2021:1478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1479", "reference_id": "RHSA-2021:1479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1989", "reference_id": "RHSA-2021:1989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2024", "reference_id": "RHSA-2021:2024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2028", "reference_id": "RHSA-2021:2028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2028" }, { "reference_url": "https://usn.ubuntu.com/4929-1/", "reference_id": "USN-4929-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4929-1/" }, { "reference_url": "https://usn.ubuntu.com/7739-1/", "reference_id": "USN-7739-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7739-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372105?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.15-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1" } ], "aliases": [ "CVE-2021-25215" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh5-ba54-z3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80329?format=api", "vulnerability_id": "VCID-pjk7-r6yh-ufak", "summary": "bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73117", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73196", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73177", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73158", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00751", "scoring_system": "epss", "scoring_elements": "0.73172", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953849", "reference_id": "1953849", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953849" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987741", "reference_id": "987741", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987741" }, { "reference_url": "https://security.archlinux.org/ASA-202104-10", "reference_id": "ASA-202104-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202104-10" }, { "reference_url": "https://security.archlinux.org/AVG-1890", "reference_id": "AVG-1890", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1890" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3325", "reference_id": "RHSA-2021:3325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4384", "reference_id": "RHSA-2021:4384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4384" }, { "reference_url": "https://usn.ubuntu.com/4929-1/", "reference_id": "USN-4929-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4929-1/" }, { "reference_url": "https://usn.ubuntu.com/7739-1/", "reference_id": "USN-7739-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7739-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372105?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.15-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1" } ], "aliases": [ "CVE-2021-25214" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjk7-r6yh-ufak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80331?format=api", "vulnerability_id": "VCID-rd8n-tcus-zyg3", "summary": "bind: Vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25216.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96416", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.9645", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96443", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96447", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96423", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96427", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96431", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.27744", "scoring_system": "epss", "scoring_elements": "0.96439", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953872", "reference_id": "1953872", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953872" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743", "reference_id": "987743", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743" }, { "reference_url": "https://security.archlinux.org/ASA-202104-10", "reference_id": "ASA-202104-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202104-10" }, { "reference_url": "https://security.archlinux.org/AVG-1890", "reference_id": "AVG-1890", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1890" }, { "reference_url": "https://usn.ubuntu.com/4929-1/", "reference_id": "USN-4929-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4929-1/" }, { "reference_url": "https://usn.ubuntu.com/7739-1/", "reference_id": "USN-7739-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7739-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372105?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.15-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1" } ], "aliases": [ "CVE-2021-25216" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8n-tcus-zyg3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373524?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.19-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.19-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.16.20-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80079?format=api", "vulnerability_id": "VCID-x9g2-pnfe-qyhh", "summary": "bind: Too strict assertion check could be triggered when responses require UDP fragmentation if RRL is in use", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25218.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25218.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68945", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.6901", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69054", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.6904", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68963", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68983", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68962", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69013", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69032", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25218" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995312", "reference_id": "1995312", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995312" }, { "reference_url": "https://security.archlinux.org/AVG-2303", "reference_id": "AVG-2303", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373525?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.20-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.20-1" } ], "aliases": [ "CVE-2021-25218" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9g2-pnfe-qyhh" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.19-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373525?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.20-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.20-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.16.22-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80079?format=api", "vulnerability_id": "VCID-x9g2-pnfe-qyhh", "summary": "bind: Too strict assertion check could be triggered when responses require UDP fragmentation if RRL is in use", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25218.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25218.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68945", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.6901", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69054", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.6904", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68963", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68983", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68962", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69013", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69032", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25218" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995312", "reference_id": "1995312", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995312" }, { "reference_url": "https://security.archlinux.org/AVG-2303", "reference_id": "AVG-2303", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2303" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373525?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.20-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.20-1" } ], "aliases": [ "CVE-2021-25218" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9g2-pnfe-qyhh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.20-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373406?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.21-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.21-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.16.22-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49232?format=api", "vulnerability_id": "VCID-8k3p-761z-f3e3", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76379", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76394", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76383", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76412", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76427", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.7644", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01039", "scoring_system": "epss", "scoring_elements": "0.77425", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01039", "scoring_system": "epss", "scoring_elements": "0.77421", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01039", "scoring_system": "epss", "scoring_elements": "0.77445", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017636", "reference_id": "2017636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017636" }, { "reference_url": "https://security.archlinux.org/ASA-202110-12", "reference_id": "ASA-202110-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-12" }, { "reference_url": "https://security.archlinux.org/AVG-2502", "reference_id": "AVG-2502", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2502" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2092", "reference_id": "RHSA-2022:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2092" }, { "reference_url": "https://usn.ubuntu.com/5126-1/", "reference_id": "USN-5126-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5126-1/" }, { "reference_url": "https://usn.ubuntu.com/5126-2/", "reference_id": "USN-5126-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5126-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373407?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.22-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.22-1" } ], "aliases": [ "CVE-2021-25219" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8k3p-761z-f3e3" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.21-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373407?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.22-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.16.22-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.18.1-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49232?format=api", "vulnerability_id": "VCID-8k3p-761z-f3e3", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76379", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76394", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76383", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76412", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76427", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.7644", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01039", "scoring_system": "epss", "scoring_elements": "0.77425", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01039", "scoring_system": "epss", "scoring_elements": "0.77421", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01039", "scoring_system": "epss", "scoring_elements": "0.77445", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017636", "reference_id": "2017636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017636" }, { "reference_url": "https://security.archlinux.org/ASA-202110-12", "reference_id": "ASA-202110-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-12" }, { "reference_url": "https://security.archlinux.org/AVG-2502", "reference_id": "AVG-2502", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2502" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2092", "reference_id": "RHSA-2022:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2092" }, { "reference_url": "https://usn.ubuntu.com/5126-1/", "reference_id": "USN-5126-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5126-1/" }, { "reference_url": "https://usn.ubuntu.com/5126-2/", "reference_id": "USN-5126-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5126-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373407?format=api", "purl": "pkg:alpm/archlinux/bind@9.16.22-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.22-1" } ], "aliases": [ "CVE-2021-25219" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8k3p-761z-f3e3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.22-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371798?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.0-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.18.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.18.1-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49233?format=api", "vulnerability_id": "VCID-67zf-a3r9-wqcv", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2851", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29013", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29079", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29153", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29202", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064512", "reference_id": "2064512", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064512" }, { "reference_url": "https://security.archlinux.org/ASA-202204-5", "reference_id": "ASA-202204-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-5" }, { "reference_url": "https://security.archlinux.org/AVG-2661", "reference_id": "AVG-2661", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2661" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7643", "reference_id": "RHSA-2022:7643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7790", "reference_id": "RHSA-2022:7790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8068", "reference_id": "RHSA-2022:8068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8385", "reference_id": "RHSA-2022:8385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0402", "reference_id": "RHSA-2023:0402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2720", "reference_id": "RHSA-2024:2720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21740", "reference_id": "RHSA-2025:21740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21741", "reference_id": "RHSA-2025:21741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21889", "reference_id": "RHSA-2025:21889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22168", "reference_id": "RHSA-2025:22168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23414", "reference_id": "RHSA-2025:23414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23414" }, { "reference_url": "https://usn.ubuntu.com/5332-1/", "reference_id": "USN-5332-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5332-1/" }, { "reference_url": "https://usn.ubuntu.com/5332-2/", "reference_id": "USN-5332-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5332-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" } ], "aliases": [ "CVE-2021-25220" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-67zf-a3r9-wqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79582?format=api", "vulnerability_id": "VCID-b3u2-wjzm-duhc", "summary": "bind: When chasing DS records, a timed-out or artificially delayed fetch could cause 'named' to crash while resuming a DS lookup", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0667.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0667.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71825", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71866", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71883", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71834", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71865", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71877", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064515", "reference_id": "2064515", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064515" }, { "reference_url": "https://security.archlinux.org/ASA-202204-5", "reference_id": "ASA-202204-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-5" }, { "reference_url": "https://security.archlinux.org/AVG-2661", "reference_id": "AVG-2661", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" } ], "aliases": [ "CVE-2022-0667" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3u2-wjzm-duhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79581?format=api", "vulnerability_id": "VCID-x4bu-4ex7-37cd", "summary": "bind: Lookups involving a DNAME could trigger an assertion failure when 'synth-from-dnssec' was enabled (which is the default)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73649", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73724", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73658", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.7369", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73703", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0635" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064514", "reference_id": "2064514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064514" }, { "reference_url": "https://security.archlinux.org/ASA-202204-5", "reference_id": "ASA-202204-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-5" }, { "reference_url": "https://security.archlinux.org/AVG-2661", "reference_id": "AVG-2661", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" } ], "aliases": [ "CVE-2022-0635" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4bu-4ex7-37cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49234?format=api", "vulnerability_id": "VCID-zgnn-ckqt-43fq", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0396.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28578", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28623", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28579", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28665", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28516", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28621", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064513", "reference_id": "2064513", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064513" }, { "reference_url": "https://security.archlinux.org/ASA-202204-5", "reference_id": "ASA-202204-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-5" }, { "reference_url": "https://security.archlinux.org/AVG-2661", "reference_id": "AVG-2661", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2661" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7643", "reference_id": "RHSA-2022:7643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8068", "reference_id": "RHSA-2022:8068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8068" }, { "reference_url": "https://usn.ubuntu.com/5332-1/", "reference_id": "USN-5332-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5332-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" } ], "aliases": [ "CVE-2022-0396" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgnn-ckqt-43fq" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.18.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.18.3-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49233?format=api", "vulnerability_id": "VCID-67zf-a3r9-wqcv", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28459", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2851", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29013", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29079", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29153", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29202", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064512", "reference_id": "2064512", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064512" }, { "reference_url": "https://security.archlinux.org/ASA-202204-5", "reference_id": "ASA-202204-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-5" }, { "reference_url": "https://security.archlinux.org/AVG-2661", "reference_id": "AVG-2661", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2661" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7643", "reference_id": "RHSA-2022:7643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7790", "reference_id": "RHSA-2022:7790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8068", "reference_id": "RHSA-2022:8068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8385", "reference_id": "RHSA-2022:8385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0402", "reference_id": "RHSA-2023:0402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2720", "reference_id": "RHSA-2024:2720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21740", "reference_id": "RHSA-2025:21740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21741", "reference_id": "RHSA-2025:21741", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21741" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21889", "reference_id": "RHSA-2025:21889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22168", "reference_id": "RHSA-2025:22168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23414", "reference_id": "RHSA-2025:23414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23414" }, { "reference_url": "https://usn.ubuntu.com/5332-1/", "reference_id": "USN-5332-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5332-1/" }, { "reference_url": "https://usn.ubuntu.com/5332-2/", "reference_id": "USN-5332-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5332-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" } ], "aliases": [ "CVE-2021-25220" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-67zf-a3r9-wqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79582?format=api", "vulnerability_id": "VCID-b3u2-wjzm-duhc", "summary": "bind: When chasing DS records, a timed-out or artificially delayed fetch could cause 'named' to crash while resuming a DS lookup", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0667.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0667.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71825", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71866", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71883", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71834", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71865", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71877", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0667" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064515", "reference_id": "2064515", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064515" }, { "reference_url": "https://security.archlinux.org/ASA-202204-5", "reference_id": "ASA-202204-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-5" }, { "reference_url": "https://security.archlinux.org/AVG-2661", "reference_id": "AVG-2661", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" } ], "aliases": [ "CVE-2022-0667" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3u2-wjzm-duhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79581?format=api", "vulnerability_id": "VCID-x4bu-4ex7-37cd", "summary": "bind: Lookups involving a DNAME could trigger an assertion failure when 'synth-from-dnssec' was enabled (which is the default)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73649", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73724", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73658", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.7369", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73703", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0635" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064514", "reference_id": "2064514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064514" }, { "reference_url": "https://security.archlinux.org/ASA-202204-5", "reference_id": "ASA-202204-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-5" }, { "reference_url": "https://security.archlinux.org/AVG-2661", "reference_id": "AVG-2661", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" } ], "aliases": [ "CVE-2022-0635" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4bu-4ex7-37cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49234?format=api", "vulnerability_id": "VCID-zgnn-ckqt-43fq", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0396.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28578", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28623", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28579", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28665", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28516", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28621", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064513", "reference_id": "2064513", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064513" }, { "reference_url": "https://security.archlinux.org/ASA-202204-5", "reference_id": "ASA-202204-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202204-5" }, { "reference_url": "https://security.archlinux.org/AVG-2661", "reference_id": "AVG-2661", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2661" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7643", "reference_id": "RHSA-2022:7643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8068", "reference_id": "RHSA-2022:8068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8068" }, { "reference_url": "https://usn.ubuntu.com/5332-1/", "reference_id": "USN-5332-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5332-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371799?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" } ], "aliases": [ "CVE-2022-0396" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgnn-ckqt-43fq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371758?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.2-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.18.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.18.3-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79417?format=api", "vulnerability_id": "VCID-qhg8-95mf-aufj", "summary": "bind: Destroying a TLS session early causes assertion failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60098", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60175", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60201", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.6017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60219", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60234", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60255", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60241", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60224", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087575", "reference_id": "2087575", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087575" }, { "reference_url": "https://security.archlinux.org/AVG-2727", "reference_id": "AVG-2727", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2727" }, { "reference_url": "https://usn.ubuntu.com/5429-1/", "reference_id": "USN-5429-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5429-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371759?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.3-1" } ], "aliases": [ "CVE-2022-1183" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhg8-95mf-aufj" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371759?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.3-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.18.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.18.7-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79417?format=api", "vulnerability_id": "VCID-qhg8-95mf-aufj", "summary": "bind: Destroying a TLS session early causes assertion failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60098", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60175", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60201", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.6017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60219", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60234", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60255", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60241", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60224", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087575", "reference_id": "2087575", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087575" }, { "reference_url": "https://security.archlinux.org/AVG-2727", "reference_id": "AVG-2727", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2727" }, { "reference_url": "https://usn.ubuntu.com/5429-1/", "reference_id": "USN-5429-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5429-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371759?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.3-1" } ], "aliases": [ "CVE-2022-1183" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhg8-95mf-aufj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371066?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.6-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.18.6-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.18.7-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49240?format=api", "vulnerability_id": "VCID-hb26-udtw-6uhy", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80567", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80588", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80597", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80601", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128602", "reference_id": "2128602", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128602" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "reference_url": "https://security.archlinux.org/AVG-2811", "reference_id": "AVG-2811", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2811" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/", "reference_id": "CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "reference_url": "https://kb.isc.org/docs/cve-2022-38178", "reference_id": "cve-2022-38178", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://kb.isc.org/docs/cve-2022-38178" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5235", "reference_id": "dsa-5235", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/", "reference_id": "MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221228-0009/", "reference_id": "ntap-20221228-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221228-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6763", "reference_id": "RHSA-2022:6763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6764", "reference_id": "RHSA-2022:6764", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6764" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6765", "reference_id": "RHSA-2022:6765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6778", "reference_id": "RHSA-2022:6778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6779", "reference_id": "RHSA-2022:6779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6780", "reference_id": "RHSA-2022:6780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6781", "reference_id": "RHSA-2022:6781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8598", "reference_id": "RHSA-2022:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8598" }, { "reference_url": "https://usn.ubuntu.com/5626-1/", "reference_id": "USN-5626-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5626-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/", "reference_id": "YZJQNUASODNVAWZV6STKG5SD6XIJ446S", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371067?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1" } ], "aliases": [ "CVE-2022-38178" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hb26-udtw-6uhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49235?format=api", "vulnerability_id": "VCID-kpsw-dq9w-pkdr", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65706", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65669", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65665", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.6575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65735", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128584", "reference_id": "2128584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128584" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "reference_url": "https://security.archlinux.org/AVG-2811", "reference_id": "AVG-2811", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2811" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/", "reference_id": "CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "reference_url": "https://kb.isc.org/docs/cve-2022-2795", "reference_id": "cve-2022-2795", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://kb.isc.org/docs/cve-2022-2795" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5235", "reference_id": "dsa-5235", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/", "reference_id": "MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0402", "reference_id": "RHSA-2023:0402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2261", "reference_id": "RHSA-2023:2261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2792", "reference_id": "RHSA-2023:2792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3002", "reference_id": "RHSA-2023:3002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2720", "reference_id": "RHSA-2024:2720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2720" }, { "reference_url": "https://usn.ubuntu.com/5626-1/", "reference_id": "USN-5626-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5626-1/" }, { "reference_url": "https://usn.ubuntu.com/5626-2/", "reference_id": "USN-5626-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5626-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/", "reference_id": "YZJQNUASODNVAWZV6STKG5SD6XIJ446S", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371067?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1" } ], "aliases": [ "CVE-2022-2795" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpsw-dq9w-pkdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49238?format=api", "vulnerability_id": "VCID-rgz6-urkq-ybch", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3080.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.292", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2919", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29254", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29295", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29252", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128600", "reference_id": "2128600", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128600" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "reference_url": "https://security.archlinux.org/AVG-2811", "reference_id": "AVG-2811", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2811" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/", "reference_id": "CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "reference_url": "https://kb.isc.org/docs/cve-2022-3080", "reference_id": "cve-2022-3080", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://kb.isc.org/docs/cve-2022-3080" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5235", "reference_id": "dsa-5235", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/", "reference_id": "MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0002/", "reference_id": "ntap-20240621-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6763", "reference_id": "RHSA-2022:6763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6781", "reference_id": "RHSA-2022:6781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6781" }, { "reference_url": "https://usn.ubuntu.com/5626-1/", "reference_id": "USN-5626-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5626-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/", "reference_id": "YZJQNUASODNVAWZV6STKG5SD6XIJ446S", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371067?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1" } ], "aliases": [ "CVE-2022-3080" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgz6-urkq-ybch" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.6-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371067?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.7-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.18.7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.20.9-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49240?format=api", "vulnerability_id": "VCID-hb26-udtw-6uhy", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80567", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80588", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80597", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01421", "scoring_system": "epss", "scoring_elements": "0.80601", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128602", "reference_id": "2128602", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128602" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "reference_url": "https://security.archlinux.org/AVG-2811", "reference_id": "AVG-2811", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2811" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/", "reference_id": "CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "reference_url": "https://kb.isc.org/docs/cve-2022-38178", "reference_id": "cve-2022-38178", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://kb.isc.org/docs/cve-2022-38178" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5235", "reference_id": "dsa-5235", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/", "reference_id": "MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221228-0009/", "reference_id": "ntap-20221228-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221228-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6763", "reference_id": "RHSA-2022:6763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6764", "reference_id": "RHSA-2022:6764", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6764" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6765", "reference_id": "RHSA-2022:6765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6778", "reference_id": "RHSA-2022:6778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6779", "reference_id": "RHSA-2022:6779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6780", "reference_id": "RHSA-2022:6780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6781", "reference_id": "RHSA-2022:6781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8598", "reference_id": "RHSA-2022:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8598" }, { "reference_url": "https://usn.ubuntu.com/5626-1/", "reference_id": "USN-5626-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5626-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/", "reference_id": "YZJQNUASODNVAWZV6STKG5SD6XIJ446S", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371067?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1" } ], "aliases": [ "CVE-2022-38178" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hb26-udtw-6uhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49235?format=api", "vulnerability_id": "VCID-kpsw-dq9w-pkdr", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65706", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65669", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65699", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65665", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.6575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.65735", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128584", "reference_id": "2128584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128584" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "reference_url": "https://security.archlinux.org/AVG-2811", "reference_id": "AVG-2811", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2811" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/", "reference_id": "CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "reference_url": "https://kb.isc.org/docs/cve-2022-2795", "reference_id": "cve-2022-2795", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://kb.isc.org/docs/cve-2022-2795" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5235", "reference_id": "dsa-5235", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/", "reference_id": "MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html", "reference_id": "msg00007.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0402", "reference_id": "RHSA-2023:0402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2261", "reference_id": "RHSA-2023:2261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2792", "reference_id": "RHSA-2023:2792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3002", "reference_id": "RHSA-2023:3002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2720", "reference_id": "RHSA-2024:2720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2720" }, { "reference_url": "https://usn.ubuntu.com/5626-1/", "reference_id": "USN-5626-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5626-1/" }, { "reference_url": "https://usn.ubuntu.com/5626-2/", "reference_id": "USN-5626-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5626-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/", "reference_id": "YZJQNUASODNVAWZV6STKG5SD6XIJ446S", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371067?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1" } ], "aliases": [ "CVE-2022-2795" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpsw-dq9w-pkdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49238?format=api", "vulnerability_id": "VCID-rgz6-urkq-ybch", "summary": "Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3080.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.292", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2919", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29254", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29295", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29252", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128600", "reference_id": "2128600", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128600" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/21/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3" }, { "reference_url": "https://security.archlinux.org/AVG-2811", "reference_id": "AVG-2811", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2811" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/", "reference_id": "CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/" }, { "reference_url": "https://kb.isc.org/docs/cve-2022-3080", "reference_id": "cve-2022-3080", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://kb.isc.org/docs/cve-2022-3080" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5235", "reference_id": "dsa-5235", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5235" }, { "reference_url": "https://security.gentoo.org/glsa/202210-25", "reference_id": "GLSA-202210-25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://security.gentoo.org/glsa/202210-25" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/", "reference_id": "MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0002/", "reference_id": "ntap-20240621-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6763", "reference_id": "RHSA-2022:6763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6781", "reference_id": "RHSA-2022:6781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6781" }, { "reference_url": "https://usn.ubuntu.com/5626-1/", "reference_id": "USN-5626-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5626-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/", "reference_id": "YZJQNUASODNVAWZV6STKG5SD6XIJ446S", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371067?format=api", "purl": "pkg:alpm/archlinux/bind@9.18.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1" } ], "aliases": [ "CVE-2022-3080" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgz6-urkq-ybch" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371641?format=api", "purl": "pkg:alpm/archlinux/bind@9.20.8-2", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.20.8-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.20.9-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69524?format=api", "vulnerability_id": "VCID-nw9j-ggq9-uqaq", "summary": "bind: DNS message with invalid TSIG causes an assertion failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-40775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33915", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33884", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33769", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39887", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39896", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-40775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367442", "reference_id": "2367442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367442" }, { "reference_url": "https://security.archlinux.org/ASA-202505-14", "reference_id": "ASA-202505-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-14" }, { "reference_url": "https://security.archlinux.org/AVG-2881", "reference_id": "AVG-2881", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2881" }, { "reference_url": "https://kb.isc.org/docs/cve-2025-40775", "reference_id": "cve-2025-40775", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-21T13:19:58Z/" } ], "url": "https://kb.isc.org/docs/cve-2025-40775" }, { "reference_url": "https://usn.ubuntu.com/7526-1/", "reference_id": "USN-7526-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7526-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371642?format=api", "purl": "pkg:alpm/archlinux/bind@9.20.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.20.9-1" } ], "aliases": [ "CVE-2025-40775" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nw9j-ggq9-uqaq" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.20.8-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/371642?format=api", "purl": "pkg:alpm/archlinux/bind@9.20.9-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.20.9-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69524?format=api", "vulnerability_id": "VCID-nw9j-ggq9-uqaq", "summary": "bind: DNS message with invalid TSIG causes an assertion failure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-40775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33915", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33884", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33769", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39887", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39896", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-40775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367442", "reference_id": "2367442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367442" }, { "reference_url": "https://security.archlinux.org/ASA-202505-14", "reference_id": "ASA-202505-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-14" }, { "reference_url": "https://security.archlinux.org/AVG-2881", "reference_id": "AVG-2881", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2881" }, { "reference_url": "https://kb.isc.org/docs/cve-2025-40775", "reference_id": "cve-2025-40775", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-21T13:19:58Z/" } ], "url": "https://kb.isc.org/docs/cve-2025-40775" }, { "reference_url": "https://usn.ubuntu.com/7526-1/", "reference_id": "USN-7526-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7526-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371642?format=api", "purl": "pkg:alpm/archlinux/bind@9.20.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.20.9-1" } ], "aliases": [ "CVE-2025-40775" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nw9j-ggq9-uqaq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.20.9-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372547?format=api", "purl": "pkg:alpm/archlinux/binutils@2.26.0-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.26.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.28.0-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60872?format=api", "vulnerability_id": "VCID-2p9v-kf9t-b7fs", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52878", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52912", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52839", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52865", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52833", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52884", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" }, { "reference_url": "http://www.securityfocus.com/bid/97277", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97277" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435247", "reference_id": "1435247", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435247" }, { "reference_url": "https://security.archlinux.org/AVG-936", "reference_id": "AVG-936", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-936" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7224", "reference_id": "CVE-2017-7224", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7224" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-325s-kx5s-97dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" } ], "aliases": [ "CVE-2017-7224" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p9v-kf9t-b7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60873?format=api", "vulnerability_id": "VCID-cttr-nc15-jbb9", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7225.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60116", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6254", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62669", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62598", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62646", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" }, { "reference_url": "http://www.securityfocus.com/bid/97275", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97275" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435287", "reference_id": "1435287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435287" }, { "reference_url": "https://security.archlinux.org/AVG-936", "reference_id": "AVG-936", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-936" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7225", "reference_id": "CVE-2017-7225", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7225" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-325s-kx5s-97dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" } ], "aliases": [ "CVE-2017-7225" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cttr-nc15-jbb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84729?format=api", "vulnerability_id": "VCID-ej6t-hx56-hbfe", "summary": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7226.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59321", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59434", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.5945", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59468", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59452", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59395", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.5942", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59385", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59436", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435300", "reference_id": "1435300", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435300" }, { "reference_url": "https://security.archlinux.org/AVG-936", "reference_id": "AVG-936", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-936" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7226", "reference_id": "CVE-2017-7226", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7226" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-325s-kx5s-97dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" } ], "aliases": [ "CVE-2017-7226" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ej6t-hx56-hbfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60871?format=api", "vulnerability_id": "VCID-qkjb-wje6-gkgr", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7223.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7223.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59919", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60043", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60055", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.6006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59996", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60021", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59991", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60041", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7223" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435244", "reference_id": "1435244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435244" }, { "reference_url": "https://security.archlinux.org/AVG-936", "reference_id": "AVG-936", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-936" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7223", "reference_id": "CVE-2017-7223", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7223" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-325s-kx5s-97dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" } ], "aliases": [ "CVE-2017-7223" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkjb-wje6-gkgr" } ], "fixing_vulnerabilities": [], "risk_score": "4.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.26.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.27.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.28.0-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60874?format=api", "vulnerability_id": "VCID-325s-kx5s-97dj", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7227.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63094", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.632", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63218", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63219", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63153", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63183", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63148", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20906", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" }, { "reference_url": "http://www.securityfocus.com/bid/97209", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435303", "reference_id": "1435303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435303" }, { "reference_url": "https://security.archlinux.org/AVG-937", "reference_id": "AVG-937", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-937" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7227", "reference_id": "CVE-2017-7227", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7227" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374314?format=api", "purl": "pkg:alpm/archlinux/binutils@2.28.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.28.0-1" } ], "aliases": [ "CVE-2017-7227" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-325s-kx5s-97dj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60872?format=api", "vulnerability_id": "VCID-2p9v-kf9t-b7fs", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52878", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52912", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52839", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52865", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52833", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52884", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20892", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" }, { "reference_url": "http://www.securityfocus.com/bid/97277", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97277" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435247", "reference_id": "1435247", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435247" }, { "reference_url": "https://security.archlinux.org/AVG-936", "reference_id": "AVG-936", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-936" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7224", "reference_id": "CVE-2017-7224", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7224" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-325s-kx5s-97dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" } ], "aliases": [ "CVE-2017-7224" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p9v-kf9t-b7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60873?format=api", "vulnerability_id": "VCID-cttr-nc15-jbb9", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7225.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60116", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6254", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62662", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.6268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62669", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62598", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62646", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" }, { "reference_url": "http://www.securityfocus.com/bid/97275", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97275" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435287", "reference_id": "1435287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435287" }, { "reference_url": "https://security.archlinux.org/AVG-936", "reference_id": "AVG-936", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-936" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7225", "reference_id": "CVE-2017-7225", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7225" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-325s-kx5s-97dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" } ], "aliases": [ "CVE-2017-7225" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cttr-nc15-jbb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84729?format=api", "vulnerability_id": "VCID-ej6t-hx56-hbfe", "summary": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7226.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59321", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59434", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.5945", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59468", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59452", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59395", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.5942", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59385", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59436", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435300", "reference_id": "1435300", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435300" }, { "reference_url": "https://security.archlinux.org/AVG-936", "reference_id": "AVG-936", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-936" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7226", "reference_id": "CVE-2017-7226", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7226" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-325s-kx5s-97dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" } ], "aliases": [ "CVE-2017-7226" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ej6t-hx56-hbfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60871?format=api", "vulnerability_id": "VCID-qkjb-wje6-gkgr", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7223.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7223.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59919", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60043", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60055", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.6006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59996", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60021", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.59991", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0039", "scoring_system": "epss", "scoring_elements": "0.60041", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7223" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435244", "reference_id": "1435244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435244" }, { "reference_url": "https://security.archlinux.org/AVG-936", "reference_id": "AVG-936", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-936" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7223", "reference_id": "CVE-2017-7223", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7223" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372548?format=api", "purl": "pkg:alpm/archlinux/binutils@2.27.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-325s-kx5s-97dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" } ], "aliases": [ "CVE-2017-7223" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkjb-wje6-gkgr" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374314?format=api", "purl": "pkg:alpm/archlinux/binutils@2.28.0-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.28.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.29.0-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60874?format=api", "vulnerability_id": "VCID-325s-kx5s-97dj", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7227.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63094", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.632", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63218", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63235", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63219", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63153", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63183", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63148", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20906", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" }, { "reference_url": "http://www.securityfocus.com/bid/97209", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97209" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435303", "reference_id": "1435303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435303" }, { "reference_url": "https://security.archlinux.org/AVG-937", "reference_id": "AVG-937", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-937" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7227", "reference_id": "CVE-2017-7227", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7227" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374314?format=api", "purl": "pkg:alpm/archlinux/binutils@2.28.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.28.0-1" } ], "aliases": [ "CVE-2017-7227" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-325s-kx5s-97dj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.28.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373005?format=api", "purl": "pkg:alpm/archlinux/binutils@2.28.0-4", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.28.0-4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.29.0-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50177?format=api", "vulnerability_id": "VCID-1rp7-5hxs-tqbx", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48609", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48624", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48678", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48674", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48666", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4865", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52557", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435640", "reference_id": "1435640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858264", "reference_id": "858264", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858264" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6965", "reference_id": "CVE-2017-6965", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6965" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-6965" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rp7-5hxs-tqbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60869?format=api", "vulnerability_id": "VCID-4ty8-8ecg-mqdy", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7209.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54556", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54583", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54569", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54537", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54589", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" }, { "reference_url": "http://www.securityfocus.com/bid/96994", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435632", "reference_id": "1435632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435632" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323", "reference_id": "858323", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7209", "reference_id": "CVE-2017-7209", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7209" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-7209" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ty8-8ecg-mqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50193?format=api", "vulnerability_id": "VCID-5cxe-ara7-jfcr", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9041.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9041.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.6513", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65211", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65239", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.6518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65171", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65221", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452171", "reference_id": "1452171", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452171" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9041" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cxe-ara7-jfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84365?format=api", "vulnerability_id": "VCID-b5je-gm19-yba5", "summary": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9044.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9044.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54763", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61848", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.6201", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61999", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61921", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61971", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61988", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452176", "reference_id": "1452176", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452176" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9044" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5je-gm19-yba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50190?format=api", "vulnerability_id": "VCID-dyx7-6xgz-mqa7", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9038.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9038.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9038", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57909", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57993", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58013", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58043", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58046", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452167", "reference_id": "1452167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452167" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9038" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dyx7-6xgz-mqa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50192?format=api", "vulnerability_id": "VCID-j2wc-yxrx-4kh6", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9040.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64702", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64809", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64826", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64816", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64754", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64782", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64745", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64795", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452169", "reference_id": "1452169", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452169" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9040" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2wc-yxrx-4kh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50178?format=api", "vulnerability_id": "VCID-kzqn-frns-jyab", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6966.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51154", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51243", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51265", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51207", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51246", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435646", "reference_id": "1435646", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435646" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858263", "reference_id": "858263", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858263" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6966", "reference_id": "CVE-2017-6966", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6966" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-6966" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzqn-frns-jyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60870?format=api", "vulnerability_id": "VCID-mgmr-bkuv-sbba", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7210.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54556", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54583", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54569", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54537", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54589", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" }, { "reference_url": "http://www.securityfocus.com/bid/96992", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96992" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435634", "reference_id": "1435634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435634" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324", "reference_id": "858324", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7210", "reference_id": "CVE-2017-7210", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7210" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-7210" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgmr-bkuv-sbba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84364?format=api", "vulnerability_id": "VCID-n93p-dptt-r3hg", "summary": "binutils: Shift exponent too large for type unsigned long in readelf.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9043.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9043.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60295", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.6032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60338", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64622", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452175", "reference_id": "1452175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452175" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9043" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n93p-dptt-r3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50179?format=api", "vulnerability_id": "VCID-qnnr-5t4r-xfdc", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6969.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63754", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63834", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63868", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63881", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63867", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63816", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63842", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.6385", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" }, { "reference_url": "http://www.securityfocus.com/bid/97065", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435648", "reference_id": "1435648", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435648" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858256", "reference_id": "858256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858256" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6969", "reference_id": "CVE-2017-6969", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6969" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-6969" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnnr-5t4r-xfdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50191?format=api", "vulnerability_id": "VCID-qv6w-s2tv-eyfs", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9039.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9039.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57909", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58046", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57993", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58013", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58043", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452168", "reference_id": "1452168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452168" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9039" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qv6w-s2tv-eyfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50194?format=api", "vulnerability_id": "VCID-z7m5-hqbr-abc2", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9042.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9042.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60342", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60295", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.6032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60338", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452173", "reference_id": "1452173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452173" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9042" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7m5-hqbr-abc2" } ], "fixing_vulnerabilities": [], "risk_score": "4.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.28.0-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.29.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.30-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50177?format=api", "vulnerability_id": "VCID-1rp7-5hxs-tqbx", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48609", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48624", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48678", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48674", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48666", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4865", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52557", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435640", "reference_id": "1435640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858264", "reference_id": "858264", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858264" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6965", "reference_id": "CVE-2017-6965", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6965" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-6965" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rp7-5hxs-tqbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60869?format=api", "vulnerability_id": "VCID-4ty8-8ecg-mqdy", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7209.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54556", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54583", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54569", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54537", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54589", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" }, { "reference_url": "http://www.securityfocus.com/bid/96994", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96994" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435632", "reference_id": "1435632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435632" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323", "reference_id": "858323", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7209", "reference_id": "CVE-2017-7209", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7209" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-7209" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ty8-8ecg-mqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50193?format=api", "vulnerability_id": "VCID-5cxe-ara7-jfcr", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9041.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9041.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.6513", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65211", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65239", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.6518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65171", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65221", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452171", "reference_id": "1452171", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452171" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9041" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cxe-ara7-jfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84365?format=api", "vulnerability_id": "VCID-b5je-gm19-yba5", "summary": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9044.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9044.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54763", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61848", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.6201", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61999", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61921", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61971", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.61988", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452176", "reference_id": "1452176", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452176" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9044" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5je-gm19-yba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50190?format=api", "vulnerability_id": "VCID-dyx7-6xgz-mqa7", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9038.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9038.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9038", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57909", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57993", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58013", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58043", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58046", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452167", "reference_id": "1452167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452167" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9038" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dyx7-6xgz-mqa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50192?format=api", "vulnerability_id": "VCID-j2wc-yxrx-4kh6", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9040.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64702", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64809", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64826", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64816", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64754", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64782", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64745", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.64795", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452169", "reference_id": "1452169", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452169" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9040" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2wc-yxrx-4kh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50178?format=api", "vulnerability_id": "VCID-kzqn-frns-jyab", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6966.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51154", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51243", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51265", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51207", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51246", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435646", "reference_id": "1435646", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435646" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858263", "reference_id": "858263", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858263" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6966", "reference_id": "CVE-2017-6966", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6966" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-6966" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzqn-frns-jyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60870?format=api", "vulnerability_id": "VCID-mgmr-bkuv-sbba", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7210.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54556", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54583", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54545", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54569", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54537", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54589", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" }, { "reference_url": "http://www.securityfocus.com/bid/96992", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96992" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435634", "reference_id": "1435634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435634" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324", "reference_id": "858324", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7210", "reference_id": "CVE-2017-7210", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7210" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-7210" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgmr-bkuv-sbba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84364?format=api", "vulnerability_id": "VCID-n93p-dptt-r3hg", "summary": "binutils: Shift exponent too large for type unsigned long in readelf.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9043.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9043.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60295", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.6032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60338", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64622", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452175", "reference_id": "1452175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452175" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9043" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n93p-dptt-r3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50179?format=api", "vulnerability_id": "VCID-qnnr-5t4r-xfdc", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6969.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63754", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63834", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63868", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63881", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63867", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63816", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63842", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.6385", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" }, { "reference_url": "http://www.securityfocus.com/bid/97065", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435648", "reference_id": "1435648", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435648" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858256", "reference_id": "858256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858256" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6969", "reference_id": "CVE-2017-6969", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6969" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-6969" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnnr-5t4r-xfdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50191?format=api", "vulnerability_id": "VCID-qv6w-s2tv-eyfs", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9039.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9039.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57909", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58046", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58042", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57993", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58013", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.57988", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00358", "scoring_system": "epss", "scoring_elements": "0.58043", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452168", "reference_id": "1452168", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452168" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9039" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qv6w-s2tv-eyfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50194?format=api", "vulnerability_id": "VCID-z7m5-hqbr-abc2", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9042.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9042.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60342", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60361", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60295", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.6032", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60338", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452173", "reference_id": "1452173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452173" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674", "reference_id": "863674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674" }, { "reference_url": "https://security.archlinux.org/AVG-276", "reference_id": "AVG-276", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-276" }, { "reference_url": "https://security.gentoo.org/glsa/201709-02", "reference_id": "GLSA-201709-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-02" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373006?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" } ], "aliases": [ "CVE-2017-9042" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7m5-hqbr-abc2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372845?format=api", "purl": "pkg:alpm/archlinux/binutils@2.29.1-3", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.29.1-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.30-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83938?format=api", "vulnerability_id": "VCID-3aht-pk4j-b3h5", "summary": "binutils: NULL pointer dereference in dwarf2.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15022.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49412", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49439", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15022" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22201" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11855d8a1f11b102a702ab76e95b22082cccf2f8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11855d8a1f11b102a702ab76e95b22082cccf2f8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500376", "reference_id": "1500376", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500376" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15022", "reference_id": "CVE-2017-15022", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15022" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15022" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3aht-pk4j-b3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83943?format=api", "vulnerability_id": "VCID-3az2-jj9s-7ffj", "summary": "binutils: Infinite recursion in find_abstract_instance_name", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15024.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62103", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62229", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62247", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62237", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62194", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15024" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22187" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500378", "reference_id": "1500378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500378" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15024", "reference_id": "CVE-2017-15024", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15024" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15024" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3az2-jj9s-7ffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31656?format=api", "vulnerability_id": "VCID-6atd-3q2h-vfd5", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17123.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17123.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63166", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63254", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.6322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63272", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63306", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.6329", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63225", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63255", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22509" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524509", "reference_id": "1524509", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524509" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17123", "reference_id": "CVE-2017-17123", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17123" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17123" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6atd-3q2h-vfd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83942?format=api", "vulnerability_id": "VCID-92ag-7zjf-qfhj", "summary": "binutils: Divide-by-zero in decode_line_info", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49412", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49439", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15025" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22186" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d8010d3e75ec7194a4703774090b27486b742d48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d8010d3e75ec7194a4703774090b27486b742d48" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500375", "reference_id": "1500375", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500375" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15025", "reference_id": "CVE-2017-15025", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15025" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15025" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92ag-7zjf-qfhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31657?format=api", "vulnerability_id": "VCID-b7ed-5vy7-8yb8", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17124.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17124.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17124", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5971", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59846", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59807", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59828", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59842", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59862", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59783", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22507" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524510", "reference_id": "1524510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524510" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17124", "reference_id": "CVE-2017-17124", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17124" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17124" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ed-5vy7-8yb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83939?format=api", "vulnerability_id": "VCID-bah7-vbh3-7ueg", "summary": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49412", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49439", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15021" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22197" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500377", "reference_id": "1500377", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500377" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15021", "reference_id": "CVE-2017-15021", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15021" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15021" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bah7-vbh3-7ueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31659?format=api", "vulnerability_id": "VCID-csfh-sngk-qfga", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17126.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59129", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59241", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59244", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59257", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59277", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59203", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59227", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22510" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524498", "reference_id": "1524498", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524498" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17126", "reference_id": "CVE-2017-17126", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17126" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17126" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-csfh-sngk-qfga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83937?format=api", "vulnerability_id": "VCID-e2yq-7v8c-z7hk", "summary": "binutils: Heap-based buffer overflow in parse_die", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34608", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34737", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34823", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.3485", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15020" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22202" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500372", "reference_id": "1500372", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500372" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15020", "reference_id": "CVE-2017-15020", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15020" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15020" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2yq-7v8c-z7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31655?format=api", "vulnerability_id": "VCID-ftnk-2drc-jkdw", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62247", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62273", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62231", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22508" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524505", "reference_id": "1524505", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524505" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17122", "reference_id": "CVE-2017-17122", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17122" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/5341-1/", "reference_id": "USN-5341-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5341-1/" }, { "reference_url": "https://usn.ubuntu.com/6413-1/", "reference_id": "USN-6413-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6413-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17122" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnk-2drc-jkdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60865?format=api", "vulnerability_id": "VCID-mann-686a-8bec", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65455", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65538", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65496", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65549", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.6556", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65579", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65566", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65532", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15023" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22200" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf" }, { "reference_url": "http://www.securityfocus.com/bid/101611", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101611" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500374", "reference_id": "1500374", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500374" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15023", "reference_id": "CVE-2017-15023", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15023" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15023" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mann-686a-8bec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31658?format=api", "vulnerability_id": "VCID-stn9-gqqb-7kae", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17125.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17125.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59129", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59241", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59244", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59257", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59277", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59203", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59227", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17125" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22443" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524511", "reference_id": "1524511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524511" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17125", "reference_id": "CVE-2017-17125", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17125" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17125" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stn9-gqqb-7kae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60868?format=api", "vulnerability_id": "VCID-yqbv-z58c-dycr", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15996.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15996.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54475", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54594", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54589", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54583", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5455", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54574", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54543", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15996" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22361" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d91f0b20e561e326ee91a09a76206257bde8438b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d91f0b20e561e326ee91a09a76206257bde8438b" }, { "reference_url": "http://www.securityfocus.com/bid/101608", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515742", "reference_id": "1515742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515742" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15996", "reference_id": "CVE-2017-15996", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15996" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15996" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yqbv-z58c-dycr" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.1-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.30-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.32-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83938?format=api", "vulnerability_id": "VCID-3aht-pk4j-b3h5", "summary": "binutils: NULL pointer dereference in dwarf2.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15022.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49412", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49439", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15022" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22201" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11855d8a1f11b102a702ab76e95b22082cccf2f8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11855d8a1f11b102a702ab76e95b22082cccf2f8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500376", "reference_id": "1500376", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500376" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15022", "reference_id": "CVE-2017-15022", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15022" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15022" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3aht-pk4j-b3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83943?format=api", "vulnerability_id": "VCID-3az2-jj9s-7ffj", "summary": "binutils: Infinite recursion in find_abstract_instance_name", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15024.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62103", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62229", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62247", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62237", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62194", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15024" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22187" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500378", "reference_id": "1500378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500378" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15024", "reference_id": "CVE-2017-15024", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15024" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15024" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3az2-jj9s-7ffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31656?format=api", "vulnerability_id": "VCID-6atd-3q2h-vfd5", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17123.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17123.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63166", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63254", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.6322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63272", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63306", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.6329", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63225", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63255", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17123" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22509" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524509", "reference_id": "1524509", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524509" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17123", "reference_id": "CVE-2017-17123", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17123" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17123" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6atd-3q2h-vfd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83942?format=api", "vulnerability_id": "VCID-92ag-7zjf-qfhj", "summary": "binutils: Divide-by-zero in decode_line_info", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49412", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49439", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15025" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22186" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d8010d3e75ec7194a4703774090b27486b742d48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d8010d3e75ec7194a4703774090b27486b742d48" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500375", "reference_id": "1500375", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500375" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15025", "reference_id": "CVE-2017-15025", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15025" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15025" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92ag-7zjf-qfhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31657?format=api", "vulnerability_id": "VCID-b7ed-5vy7-8yb8", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17124.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17124.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17124", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.5971", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59846", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59807", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59777", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59828", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59842", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59862", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.59783", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17124" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22507" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524510", "reference_id": "1524510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524510" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17124", "reference_id": "CVE-2017-17124", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17124" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17124" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ed-5vy7-8yb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83939?format=api", "vulnerability_id": "VCID-bah7-vbh3-7ueg", "summary": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.4943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49412", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49439", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15021" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22197" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500377", "reference_id": "1500377", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500377" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15021", "reference_id": "CVE-2017-15021", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15021" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15021" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bah7-vbh3-7ueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31659?format=api", "vulnerability_id": "VCID-csfh-sngk-qfga", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17126.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59129", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59241", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59244", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59257", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59277", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59203", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59227", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22510" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524498", "reference_id": "1524498", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524498" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17126", "reference_id": "CVE-2017-17126", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17126" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17126" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-csfh-sngk-qfga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83937?format=api", "vulnerability_id": "VCID-e2yq-7v8c-z7hk", "summary": "binutils: Heap-based buffer overflow in parse_die", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34608", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34737", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34823", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.3485", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15020" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22202" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500372", "reference_id": "1500372", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500372" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15020", "reference_id": "CVE-2017-15020", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15020" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15020" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2yq-7v8c-z7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31655?format=api", "vulnerability_id": "VCID-ftnk-2drc-jkdw", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62247", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62273", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62231", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22508" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524505", "reference_id": "1524505", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524505" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17122", "reference_id": "CVE-2017-17122", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17122" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/5341-1/", "reference_id": "USN-5341-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5341-1/" }, { "reference_url": "https://usn.ubuntu.com/6413-1/", "reference_id": "USN-6413-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6413-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17122" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnk-2drc-jkdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60865?format=api", "vulnerability_id": "VCID-mann-686a-8bec", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65455", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65538", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65496", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65549", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.6556", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65579", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65566", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00489", "scoring_system": "epss", "scoring_elements": "0.65532", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15023" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22200" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf" }, { "reference_url": "http://www.securityfocus.com/bid/101611", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101611" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500374", "reference_id": "1500374", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500374" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15023", "reference_id": "CVE-2017-15023", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15023" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15023" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mann-686a-8bec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31658?format=api", "vulnerability_id": "VCID-stn9-gqqb-7kae", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17125.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17125.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59129", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59241", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59244", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59257", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59277", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59203", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59227", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17125" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22443" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524511", "reference_id": "1524511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524511" }, { "reference_url": "https://security.archlinux.org/AVG-538", "reference_id": "AVG-538", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-538" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17125", "reference_id": "CVE-2017-17125", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17125" }, { "reference_url": "https://security.gentoo.org/glsa/201811-17", "reference_id": "GLSA-201811-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-17" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-17125" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stn9-gqqb-7kae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60868?format=api", "vulnerability_id": "VCID-yqbv-z58c-dycr", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15996.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15996.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54475", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54594", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54589", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54583", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.5455", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54574", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54543", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15996" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22361" }, { "reference_url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d91f0b20e561e326ee91a09a76206257bde8438b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d91f0b20e561e326ee91a09a76206257bde8438b" }, { "reference_url": "http://www.securityfocus.com/bid/101608", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515742", "reference_id": "1515742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515742" }, { "reference_url": "https://security.archlinux.org/AVG-435", "reference_id": "AVG-435", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-435" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15996", "reference_id": "CVE-2017-15996", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15996" }, { "reference_url": "https://security.gentoo.org/glsa/201801-01", "reference_id": "GLSA-201801-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-01" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372846?format=api", "purl": "pkg:alpm/archlinux/binutils@2.30-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" } ], "aliases": [ "CVE-2017-15996" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yqbv-z58c-dycr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372624?format=api", "purl": "pkg:alpm/archlinux/binutils@2.31.1-4", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.31.1-4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.32-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58588?format=api", "vulnerability_id": "VCID-24yc-9zfd-skax", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61829", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61958", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.6199", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61979", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61902", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61951", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61969", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658949", "reference_id": "1658949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658949" }, { "reference_url": "https://security.archlinux.org/ASA-201906-3", "reference_id": "ASA-201906-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-3" }, { "reference_url": "https://security.archlinux.org/AVG-832", "reference_id": "AVG-832", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-832" }, { "reference_url": "https://security.gentoo.org/glsa/201908-01", "reference_id": "GLSA-201908-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-01" }, { "reference_url": "https://usn.ubuntu.com/4336-1/", "reference_id": "USN-4336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-1/" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" } ], "aliases": [ "CVE-2018-19932" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24yc-9zfd-skax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82915?format=api", "vulnerability_id": "VCID-98ww-99gn-xyar", "summary": "libiberty: heap-based buffer over-read in d_expression_1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74019", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74067", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74056", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7407", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74092", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74074", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74025", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74051", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74022", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20712" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24043" }, { "reference_url": "https://support.f5.com/csp/article/K38336243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K38336243" }, { "reference_url": "http://www.securityfocus.com/bid/106563", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668269", "reference_id": "1668269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668269" }, { "reference_url": "https://security.archlinux.org/ASA-201906-3", "reference_id": "ASA-201906-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-3" }, { "reference_url": "https://security.archlinux.org/AVG-832", "reference_id": "AVG-832", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-832" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "reference_id": "CVE-2018-20712", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20712" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" } ], "aliases": [ "CVE-2018-20712" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98ww-99gn-xyar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58587?format=api", "vulnerability_id": "VCID-kuzy-t7d8-kfhd", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19931.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19931.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55027", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55151", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55188", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55152", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55127", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55177", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658947", "reference_id": "1658947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658947" }, { "reference_url": "https://security.archlinux.org/ASA-201906-3", "reference_id": "ASA-201906-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-3" }, { "reference_url": "https://security.archlinux.org/AVG-832", "reference_id": "AVG-832", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-832" }, { "reference_url": "https://security.gentoo.org/glsa/201908-01", "reference_id": "GLSA-201908-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-01" }, { "reference_url": "https://usn.ubuntu.com/4336-1/", "reference_id": "USN-4336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-1/" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" } ], "aliases": [ "CVE-2018-19931" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kuzy-t7d8-kfhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58589?format=api", "vulnerability_id": "VCID-w17q-m7sf-23fx", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20002.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20002.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54537", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54598", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54645", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5464", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54607", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5463", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5465", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55957", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661534", "reference_id": "1661534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661534" }, { "reference_url": "https://security.archlinux.org/ASA-201906-3", "reference_id": "ASA-201906-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-3" }, { "reference_url": "https://security.archlinux.org/AVG-832", "reference_id": "AVG-832", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-832" }, { "reference_url": "https://security.gentoo.org/glsa/201908-01", "reference_id": "GLSA-201908-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-01" }, { "reference_url": "https://usn.ubuntu.com/4336-1/", "reference_id": "USN-4336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-1/" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" } ], "aliases": [ "CVE-2018-20002" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w17q-m7sf-23fx" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.31.1-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.32-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.36-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58588?format=api", "vulnerability_id": "VCID-24yc-9zfd-skax", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61829", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61958", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.6199", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61979", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61902", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61951", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.61969", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658949", "reference_id": "1658949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658949" }, { "reference_url": "https://security.archlinux.org/ASA-201906-3", "reference_id": "ASA-201906-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-3" }, { "reference_url": "https://security.archlinux.org/AVG-832", "reference_id": "AVG-832", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-832" }, { "reference_url": "https://security.gentoo.org/glsa/201908-01", "reference_id": "GLSA-201908-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-01" }, { "reference_url": "https://usn.ubuntu.com/4336-1/", "reference_id": "USN-4336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-1/" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" } ], "aliases": [ "CVE-2018-19932" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24yc-9zfd-skax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82915?format=api", "vulnerability_id": "VCID-98ww-99gn-xyar", "summary": "libiberty: heap-based buffer over-read in d_expression_1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74019", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74067", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74056", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7407", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74092", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74074", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74025", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74051", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74022", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20712" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24043" }, { "reference_url": "https://support.f5.com/csp/article/K38336243", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K38336243" }, { "reference_url": "http://www.securityfocus.com/bid/106563", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668269", "reference_id": "1668269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668269" }, { "reference_url": "https://security.archlinux.org/ASA-201906-3", "reference_id": "ASA-201906-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-3" }, { "reference_url": "https://security.archlinux.org/AVG-832", "reference_id": "AVG-832", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-832" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20712", "reference_id": "CVE-2018-20712", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20712" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" } ], "aliases": [ "CVE-2018-20712" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98ww-99gn-xyar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58587?format=api", "vulnerability_id": "VCID-kuzy-t7d8-kfhd", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19931.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19931.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55027", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55151", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55188", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55152", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55127", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55177", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658947", "reference_id": "1658947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1658947" }, { "reference_url": "https://security.archlinux.org/ASA-201906-3", "reference_id": "ASA-201906-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-3" }, { "reference_url": "https://security.archlinux.org/AVG-832", "reference_id": "AVG-832", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-832" }, { "reference_url": "https://security.gentoo.org/glsa/201908-01", "reference_id": "GLSA-201908-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-01" }, { "reference_url": "https://usn.ubuntu.com/4336-1/", "reference_id": "USN-4336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-1/" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" } ], "aliases": [ "CVE-2018-19931" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kuzy-t7d8-kfhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58589?format=api", "vulnerability_id": "VCID-w17q-m7sf-23fx", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which may allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20002.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20002.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54537", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54598", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54645", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5464", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54607", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5463", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5465", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.55957", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661534", "reference_id": "1661534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661534" }, { "reference_url": "https://security.archlinux.org/ASA-201906-3", "reference_id": "ASA-201906-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-3" }, { "reference_url": "https://security.archlinux.org/AVG-832", "reference_id": "AVG-832", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-832" }, { "reference_url": "https://security.gentoo.org/glsa/201908-01", "reference_id": "GLSA-201908-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-01" }, { "reference_url": "https://usn.ubuntu.com/4336-1/", "reference_id": "USN-4336-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-1/" }, { "reference_url": "https://usn.ubuntu.com/4336-2/", "reference_id": "USN-4336-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4336-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372625?format=api", "purl": "pkg:alpm/archlinux/binutils@2.32-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" } ], "aliases": [ "CVE-2018-20002" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w17q-m7sf-23fx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373925?format=api", "purl": "pkg:alpm/archlinux/binutils@2.35.1-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.35.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.36-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49739?format=api", "vulnerability_id": "VCID-7sc8-fzw3-vfer", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35448.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35448.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32892", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32762", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.5566", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55678", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55634", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55686", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55689", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35448" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950478", "reference_id": "1950478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950478" }, { "reference_url": "https://security.archlinux.org/AVG-1385", "reference_id": "AVG-1385", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1385" }, { "reference_url": "https://security.gentoo.org/glsa/202107-24", "reference_id": "GLSA-202107-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4364", "reference_id": "RHSA-2021:4364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4364" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373926?format=api", "purl": "pkg:alpm/archlinux/binutils@2.36-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1" } ], "aliases": [ "CVE-2020-35448" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7sc8-fzw3-vfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47234?format=api", "vulnerability_id": "VCID-vepg-jnnm-97d7", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20294.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20294.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1586", "scoring_system": "epss", "scoring_elements": "0.94712", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1586", "scoring_system": "epss", "scoring_elements": "0.94724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1586", "scoring_system": "epss", "scoring_elements": "0.9472", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.95857", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.9586", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.95863", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.95848", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.95864", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533", "reference_id": "1943533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533" }, { "reference_url": "https://security.archlinux.org/AVG-1385", "reference_id": "AVG-1385", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1385" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373926?format=api", "purl": "pkg:alpm/archlinux/binutils@2.36-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1" } ], "aliases": [ "CVE-2021-20294" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vepg-jnnm-97d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47229?format=api", "vulnerability_id": "VCID-xrpd-jdfr-ebeq", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3487.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3487.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111", "reference_id": "1947111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111" }, { "reference_url": "https://security.archlinux.org/AVG-1385", "reference_id": "AVG-1385", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1385" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4364", "reference_id": "RHSA-2021:4364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4364" }, { "reference_url": "https://usn.ubuntu.com/5124-1/", "reference_id": "USN-5124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5124-1/" }, { "reference_url": "https://usn.ubuntu.com/5341-1/", "reference_id": "USN-5341-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5341-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373926?format=api", "purl": "pkg:alpm/archlinux/binutils@2.36-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1" } ], "aliases": [ "CVE-2021-3487" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrpd-jdfr-ebeq" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.35.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373926?format=api", "purl": "pkg:alpm/archlinux/binutils@2.36-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.36-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.37-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49739?format=api", "vulnerability_id": "VCID-7sc8-fzw3-vfer", "summary": "Multiple vulnerabilities have been found in Binutils, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35448.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35448.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32892", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32762", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.5566", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55678", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55634", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55686", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55689", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35448" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950478", "reference_id": "1950478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950478" }, { "reference_url": "https://security.archlinux.org/AVG-1385", "reference_id": "AVG-1385", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1385" }, { "reference_url": "https://security.gentoo.org/glsa/202107-24", "reference_id": "GLSA-202107-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4364", "reference_id": "RHSA-2021:4364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4364" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373926?format=api", "purl": "pkg:alpm/archlinux/binutils@2.36-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1" } ], "aliases": [ "CVE-2020-35448" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7sc8-fzw3-vfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47234?format=api", "vulnerability_id": "VCID-vepg-jnnm-97d7", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20294.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20294.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1586", "scoring_system": "epss", "scoring_elements": "0.94712", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1586", "scoring_system": "epss", "scoring_elements": "0.94724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1586", "scoring_system": "epss", "scoring_elements": "0.9472", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.95857", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.9586", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.95863", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.95848", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.22712", "scoring_system": "epss", "scoring_elements": "0.95864", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533", "reference_id": "1943533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943533" }, { "reference_url": "https://security.archlinux.org/AVG-1385", "reference_id": "AVG-1385", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1385" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373926?format=api", "purl": "pkg:alpm/archlinux/binutils@2.36-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1" } ], "aliases": [ "CVE-2021-20294" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vepg-jnnm-97d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47229?format=api", "vulnerability_id": "VCID-xrpd-jdfr-ebeq", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3487.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3487.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111", "reference_id": "1947111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947111" }, { "reference_url": "https://security.archlinux.org/AVG-1385", "reference_id": "AVG-1385", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1385" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4364", "reference_id": "RHSA-2021:4364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4364" }, { "reference_url": "https://usn.ubuntu.com/5124-1/", "reference_id": "USN-5124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5124-1/" }, { "reference_url": "https://usn.ubuntu.com/5341-1/", "reference_id": "USN-5341-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5341-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373926?format=api", "purl": "pkg:alpm/archlinux/binutils@2.36-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1" } ], "aliases": [ "CVE-2021-3487" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrpd-jdfr-ebeq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373274?format=api", "purl": "pkg:alpm/archlinux/binutils@2.36.1-3", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.36.1-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.37-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47230?format=api", "vulnerability_id": "VCID-4uea-bxbr-2kdz", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3530.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57639", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.5775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57791", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.5777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57724", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57719", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57774", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57776", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3530" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423", "reference_id": "1956423", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423" }, { "reference_url": "https://security.archlinux.org/AVG-1540", "reference_id": "AVG-1540", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1540" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373275?format=api", "purl": "pkg:alpm/archlinux/binutils@2.38-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1" } ], "aliases": [ "CVE-2021-3530" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4uea-bxbr-2kdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80238?format=api", "vulnerability_id": "VCID-cafq-79j3-uue5", "summary": "binutils: infinite loop while demangling rust symbols", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3648.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3648.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982320", "reference_id": "1982320", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982320" }, { "reference_url": "https://security.archlinux.org/AVG-1540", "reference_id": "AVG-1540", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1540" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373275?format=api", "purl": "pkg:alpm/archlinux/binutils@2.38-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1" } ], "aliases": [ "CVE-2021-3648" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cafq-79j3-uue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47231?format=api", "vulnerability_id": "VCID-uv5p-15z7-fqcn", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3549.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3549.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41213", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41259", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41307", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41335", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.5717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57161", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57168", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57141", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960717", "reference_id": "1960717", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960717" }, { "reference_url": "https://security.archlinux.org/AVG-2002", "reference_id": "AVG-2002", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2002" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374704?format=api", "purl": "pkg:alpm/archlinux/binutils@2.37-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.37-1" } ], "aliases": [ "CVE-2021-3549" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5p-15z7-fqcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47232?format=api", "vulnerability_id": "VCID-znqk-35mz-dqfk", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30284", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30186", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30313", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30177", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30238", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30272", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30275", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30232", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913743", "reference_id": "1913743", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913743" }, { "reference_url": "https://security.archlinux.org/AVG-1540", "reference_id": "AVG-1540", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1540" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/" } ], "url": "https://security.gentoo.org/glsa/202208-30" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210528-0009/", "reference_id": "ntap-20210528-0009", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210528-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4364", "reference_id": "RHSA-2021:4364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4364" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26945", "reference_id": "show_bug.cgi?id=26945", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/" } ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26945" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373275?format=api", "purl": "pkg:alpm/archlinux/binutils@2.38-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1" } ], "aliases": [ "CVE-2021-20197" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znqk-35mz-dqfk" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36.1-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374704?format=api", "purl": "pkg:alpm/archlinux/binutils@2.37-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.37-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.38-1", "latest_non_vulnerable_version": "2.38-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47231?format=api", "vulnerability_id": "VCID-uv5p-15z7-fqcn", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3549.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3549.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41213", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41259", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41307", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41335", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.5717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57161", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57168", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57141", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960717", "reference_id": "1960717", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960717" }, { "reference_url": "https://security.archlinux.org/AVG-2002", "reference_id": "AVG-2002", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2002" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374704?format=api", "purl": "pkg:alpm/archlinux/binutils@2.37-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.37-1" } ], "aliases": [ "CVE-2021-3549" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5p-15z7-fqcn" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.37-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373275?format=api", "purl": "pkg:alpm/archlinux/binutils@2.38-1", "type": "alpm", "namespace": "archlinux", "name": "binutils", "version": "2.38-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47230?format=api", "vulnerability_id": "VCID-4uea-bxbr-2kdz", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3530.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57639", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.5775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57791", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.5777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57724", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57719", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57774", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00354", "scoring_system": "epss", "scoring_elements": "0.57776", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3530" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423", "reference_id": "1956423", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423" }, { "reference_url": "https://security.archlinux.org/AVG-1540", "reference_id": "AVG-1540", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1540" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373275?format=api", "purl": "pkg:alpm/archlinux/binutils@2.38-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1" } ], "aliases": [ "CVE-2021-3530" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4uea-bxbr-2kdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80238?format=api", "vulnerability_id": "VCID-cafq-79j3-uue5", "summary": "binutils: infinite loop while demangling rust symbols", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3648.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3648.json" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982320", "reference_id": "1982320", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982320" }, { "reference_url": "https://security.archlinux.org/AVG-1540", "reference_id": "AVG-1540", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1540" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373275?format=api", "purl": "pkg:alpm/archlinux/binutils@2.38-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1" } ], "aliases": [ "CVE-2021-3648" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cafq-79j3-uue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47232?format=api", "vulnerability_id": "VCID-znqk-35mz-dqfk", "summary": "Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30284", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30186", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30313", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30177", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30238", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30272", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30275", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30232", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913743", "reference_id": "1913743", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913743" }, { "reference_url": "https://security.archlinux.org/AVG-1540", "reference_id": "AVG-1540", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1540" }, { "reference_url": "https://security.gentoo.org/glsa/202208-30", "reference_id": "GLSA-202208-30", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/" } ], "url": "https://security.gentoo.org/glsa/202208-30" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210528-0009/", "reference_id": "ntap-20210528-0009", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210528-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4364", "reference_id": "RHSA-2021:4364", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4364" }, { "reference_url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26945", "reference_id": "show_bug.cgi?id=26945", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/" } ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26945" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373275?format=api", "purl": "pkg:alpm/archlinux/binutils@2.38-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1" } ], "aliases": [ "CVE-2021-20197" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znqk-35mz-dqfk" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373175?format=api", "purl": "pkg:alpm/archlinux/bitcoin-daemon@22.0-1", "type": "alpm", "namespace": "archlinux", "name": "bitcoin-daemon", "version": "22.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/257038?format=api", "vulnerability_id": "VCID-573d-byea-r7cg", "summary": "bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5001", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50048", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50076", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50026", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50081", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50091", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50064", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3195" }, { "reference_url": "https://security.archlinux.org/AVG-1486", "reference_id": "AVG-1486", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1486" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3195" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-573d-byea-r7cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/250278?format=api", "vulnerability_id": "VCID-9g6t-dcaz-1kh3", "summary": "Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65409", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.6533", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65378", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65368", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65421", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65432", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65451", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65437", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31876" }, { "reference_url": "https://security.archlinux.org/AVG-1486", "reference_id": "AVG-1486", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1486" } ], "fixed_packages": [], "aliases": [ "CVE-2021-31876" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9g6t-dcaz-1kh3" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-daemon@22.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374365?format=api", "purl": "pkg:alpm/archlinux/bitcoin-qt@0.16.2-2", "type": "alpm", "namespace": "archlinux", "name": "bitcoin-qt", "version": "0.16.2-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.16.3-1", "latest_non_vulnerable_version": "0.16.3-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93586?format=api", "vulnerability_id": "VCID-mxhd-tkw3-vfd1", "summary": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97889", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97877", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97881", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.97957", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.9796", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.97962", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/ASA-201809-1", "reference_id": "ASA-201809-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-1" }, { "reference_url": "https://security.archlinux.org/ASA-201809-2", "reference_id": "ASA-201809-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-2" }, { "reference_url": "https://security.archlinux.org/AVG-766", "reference_id": "AVG-766", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-766" }, { "reference_url": "https://security.archlinux.org/AVG-768", "reference_id": "AVG-768", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-768" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374366?format=api", "purl": "pkg:alpm/archlinux/bitcoin-qt@0.16.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-qt@0.16.3-1" } ], "aliases": [ "CVE-2018-17144" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhd-tkw3-vfd1" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-qt@0.16.2-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/374366?format=api", "purl": "pkg:alpm/archlinux/bitcoin-qt@0.16.3-1", "type": "alpm", "namespace": "archlinux", "name": "bitcoin-qt", "version": "0.16.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93586?format=api", "vulnerability_id": "VCID-mxhd-tkw3-vfd1", "summary": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97889", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97877", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97881", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.97957", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.9796", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.97962", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/ASA-201809-1", "reference_id": "ASA-201809-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-1" }, { "reference_url": "https://security.archlinux.org/ASA-201809-2", "reference_id": "ASA-201809-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-2" }, { "reference_url": "https://security.archlinux.org/AVG-766", "reference_id": "AVG-766", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-766" }, { "reference_url": "https://security.archlinux.org/AVG-768", "reference_id": "AVG-768", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-768" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374366?format=api", "purl": "pkg:alpm/archlinux/bitcoin-qt@0.16.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-qt@0.16.3-1" } ], "aliases": [ "CVE-2018-17144" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhd-tkw3-vfd1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-qt@0.16.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374363?format=api", "purl": "pkg:alpm/archlinux/bitcoin-tx@0.16.2-2", "type": "alpm", "namespace": "archlinux", "name": "bitcoin-tx", "version": "0.16.2-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.16.3-1", "latest_non_vulnerable_version": "0.16.3-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93586?format=api", "vulnerability_id": "VCID-mxhd-tkw3-vfd1", "summary": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97889", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97877", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97881", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.97957", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.9796", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.97962", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/ASA-201809-1", "reference_id": "ASA-201809-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-1" }, { "reference_url": "https://security.archlinux.org/ASA-201809-2", "reference_id": "ASA-201809-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-2" }, { "reference_url": "https://security.archlinux.org/AVG-766", "reference_id": "AVG-766", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-766" }, { "reference_url": "https://security.archlinux.org/AVG-768", "reference_id": "AVG-768", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-768" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374364?format=api", "purl": "pkg:alpm/archlinux/bitcoin-tx@0.16.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-tx@0.16.3-1" } ], "aliases": [ "CVE-2018-17144" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhd-tkw3-vfd1" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-tx@0.16.2-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/374364?format=api", "purl": "pkg:alpm/archlinux/bitcoin-tx@0.16.3-1", "type": "alpm", "namespace": "archlinux", "name": "bitcoin-tx", "version": "0.16.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93586?format=api", "vulnerability_id": "VCID-mxhd-tkw3-vfd1", "summary": "Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97889", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97877", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97881", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97887", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.51467", "scoring_system": "epss", "scoring_elements": "0.97888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.97957", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.9796", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.53268", "scoring_system": "epss", "scoring_elements": "0.97962", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/ASA-201809-1", "reference_id": "ASA-201809-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-1" }, { "reference_url": "https://security.archlinux.org/ASA-201809-2", "reference_id": "ASA-201809-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201809-2" }, { "reference_url": "https://security.archlinux.org/AVG-766", "reference_id": "AVG-766", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-766" }, { "reference_url": "https://security.archlinux.org/AVG-768", "reference_id": "AVG-768", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-768" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374364?format=api", "purl": "pkg:alpm/archlinux/bitcoin-tx@0.16.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-tx@0.16.3-1" } ], "aliases": [ "CVE-2018-17144" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhd-tkw3-vfd1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-tx@0.16.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/370922?format=api", "purl": "pkg:alpm/archlinux/blender@17:3.0.1-6", "type": "alpm", "namespace": "archlinux", "name": "blender", "version": "17:3.0.1-6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "17:3.1.0-1", "latest_non_vulnerable_version": "17:3.1.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37518?format=api", "vulnerability_id": "VCID-3feg-t1sc-puhk", "summary": "Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66116", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66079", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66178", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66165", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66121", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546" }, { "reference_url": "https://security.archlinux.org/AVG-2799", "reference_id": "AVG-2799", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2799" }, { "reference_url": "https://security.gentoo.org/glsa/202403-02", "reference_id": "GLSA-202403-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202403-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/370923?format=api", "purl": "pkg:alpm/archlinux/blender@17:3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1" } ], "aliases": [ "CVE-2022-0546" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3feg-t1sc-puhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37515?format=api", "vulnerability_id": "VCID-anrz-grzm-bued", "summary": "Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.5916", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59124", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59063", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59188", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59208", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59175", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59136", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546" }, { "reference_url": "https://security.archlinux.org/AVG-2799", "reference_id": "AVG-2799", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2799" }, { "reference_url": "https://security.gentoo.org/glsa/202403-02", "reference_id": "GLSA-202403-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202403-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/370923?format=api", "purl": "pkg:alpm/archlinux/blender@17:3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1" } ], "aliases": [ "CVE-2022-0545" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-anrz-grzm-bued" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37511?format=api", "vulnerability_id": "VCID-qsqj-j8s1-6qfq", "summary": "Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33991", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33811", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34149", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34181", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34041", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34084", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34014", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546" }, { "reference_url": "https://security.archlinux.org/AVG-2799", "reference_id": "AVG-2799", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2799" }, { "reference_url": "https://security.gentoo.org/glsa/202403-02", "reference_id": "GLSA-202403-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202403-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/370923?format=api", "purl": "pkg:alpm/archlinux/blender@17:3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1" } ], "aliases": [ "CVE-2022-0544" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsqj-j8s1-6qfq" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.0.1-6" }, { "url": "http://public2.vulnerablecode.io/api/packages/370923?format=api", "purl": "pkg:alpm/archlinux/blender@17:3.1.0-1", "type": "alpm", "namespace": "archlinux", "name": "blender", "version": "17:3.1.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37518?format=api", "vulnerability_id": "VCID-3feg-t1sc-puhk", "summary": "Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66116", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66079", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66178", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66165", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66121", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546" }, { "reference_url": "https://security.archlinux.org/AVG-2799", "reference_id": "AVG-2799", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2799" }, { "reference_url": "https://security.gentoo.org/glsa/202403-02", "reference_id": "GLSA-202403-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202403-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/370923?format=api", "purl": "pkg:alpm/archlinux/blender@17:3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1" } ], "aliases": [ "CVE-2022-0546" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3feg-t1sc-puhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37515?format=api", "vulnerability_id": "VCID-anrz-grzm-bued", "summary": "Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.5916", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59124", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59063", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59188", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59208", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59175", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59136", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546" }, { "reference_url": "https://security.archlinux.org/AVG-2799", "reference_id": "AVG-2799", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2799" }, { "reference_url": "https://security.gentoo.org/glsa/202403-02", "reference_id": "GLSA-202403-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202403-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/370923?format=api", "purl": "pkg:alpm/archlinux/blender@17:3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1" } ], "aliases": [ "CVE-2022-0545" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-anrz-grzm-bued" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37511?format=api", "vulnerability_id": "VCID-qsqj-j8s1-6qfq", "summary": "Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33991", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33811", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34149", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34181", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34041", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34084", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34014", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546" }, { "reference_url": "https://security.archlinux.org/AVG-2799", "reference_id": "AVG-2799", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2799" }, { "reference_url": "https://security.gentoo.org/glsa/202403-02", "reference_id": "GLSA-202403-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202403-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/370923?format=api", "purl": "pkg:alpm/archlinux/blender@17:3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1" } ], "aliases": [ "CVE-2022-0544" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsqj-j8s1-6qfq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372274?format=api", "purl": "pkg:alpm/archlinux/blueman@2.1.3-1", "type": "alpm", "namespace": "archlinux", "name": "blueman", "version": "2.1.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.1.4-1", "latest_non_vulnerable_version": "2.1.4-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62553?format=api", "vulnerability_id": "VCID-jgqj-mqt7-vucy", "summary": "A privilege escalation vulnerability has been discovered in\n Blueman.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63616", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63676", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63702", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63662", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63714", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63745", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63731", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973718", "reference_id": "973718", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973718" }, { "reference_url": "https://security.archlinux.org/ASA-202012-12", "reference_id": "ASA-202012-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-12" }, { "reference_url": "https://security.archlinux.org/AVG-1259", "reference_id": "AVG-1259", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1259" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48963.txt", "reference_id": "CVE-2020-15238", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48963.txt" }, { "reference_url": "https://security.gentoo.org/glsa/202011-11", "reference_id": "GLSA-202011-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-11" }, { "reference_url": "https://usn.ubuntu.com/4605-1/", "reference_id": "USN-4605-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4605-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372275?format=api", "purl": "pkg:alpm/archlinux/blueman@2.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blueman@2.1.4-1" } ], "aliases": [ "CVE-2020-15238" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgqj-mqt7-vucy" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blueman@2.1.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372275?format=api", "purl": "pkg:alpm/archlinux/blueman@2.1.4-1", "type": "alpm", "namespace": "archlinux", "name": "blueman", "version": "2.1.4-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62553?format=api", "vulnerability_id": "VCID-jgqj-mqt7-vucy", "summary": "A privilege escalation vulnerability has been discovered in\n Blueman.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63616", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63676", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63702", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63662", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63714", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63745", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63731", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973718", "reference_id": "973718", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973718" }, { "reference_url": "https://security.archlinux.org/ASA-202012-12", "reference_id": "ASA-202012-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-12" }, { "reference_url": "https://security.archlinux.org/AVG-1259", "reference_id": "AVG-1259", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1259" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48963.txt", "reference_id": "CVE-2020-15238", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48963.txt" }, { "reference_url": "https://security.gentoo.org/glsa/202011-11", "reference_id": "GLSA-202011-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202011-11" }, { "reference_url": "https://usn.ubuntu.com/4605-1/", "reference_id": "USN-4605-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4605-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372275?format=api", "purl": "pkg:alpm/archlinux/blueman@2.1.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blueman@2.1.4-1" } ], "aliases": [ "CVE-2020-15238" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgqj-mqt7-vucy" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blueman@2.1.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372930?format=api", "purl": "pkg:alpm/archlinux/bluez@5.46-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.46-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.46-2", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63536?format=api", "vulnerability_id": "VCID-yrc6-qjud-zqaf", "summary": "security update", "references": [ { "reference_url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "reference_id": "", "reference_type": "", "scores": [], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000250.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000250.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2017-1000250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2017-1000250" }, { "reference_url": "https://access.redhat.com/security/vulnerabilities/blueborne", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/vulnerabilities/blueborne" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97124", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97136", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97147", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97152", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.9713", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:N" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.armis.com/blueborne", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.armis.com/blueborne" }, { "reference_url": "https://www.kb.cert.org/vuls/id/240311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.kb.cert.org/vuls/id/240311" }, { "reference_url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3972", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3972" }, { "reference_url": "http://www.securityfocus.com/bid/100814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100814" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489446", "reference_id": "1489446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633", "reference_id": "875633", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633" }, { "reference_url": "https://security.archlinux.org/ASA-201709-3", "reference_id": "ASA-201709-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201709-3" }, { "reference_url": "https://security.archlinux.org/AVG-396", "reference_id": "AVG-396", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-396" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000250", "reference_id": "CVE-2017-1000250", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2685", "reference_id": "RHSA-2017:2685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2685" }, { "reference_url": "https://usn.ubuntu.com/3413-1/", "reference_id": "USN-3413-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3413-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372931?format=api", "purl": "pkg:alpm/archlinux/bluez@5.46-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.46-2" } ], "aliases": [ "CVE-2017-1000250" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrc6-qjud-zqaf" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.46-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372931?format=api", "purl": "pkg:alpm/archlinux/bluez@5.46-2", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.46-2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.54-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63536?format=api", "vulnerability_id": "VCID-yrc6-qjud-zqaf", "summary": "security update", "references": [ { "reference_url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "reference_id": "", "reference_type": "", "scores": [], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000250.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000250.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2017-1000250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2017-1000250" }, { "reference_url": "https://access.redhat.com/security/vulnerabilities/blueborne", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/vulnerabilities/blueborne" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97124", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97136", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97147", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.97152", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36932", "scoring_system": "epss", "scoring_elements": "0.9713", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:N" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.armis.com/blueborne", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.armis.com/blueborne" }, { "reference_url": "https://www.kb.cert.org/vuls/id/240311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.kb.cert.org/vuls/id/240311" }, { "reference_url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3972", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3972" }, { "reference_url": "http://www.securityfocus.com/bid/100814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100814" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489446", "reference_id": "1489446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633", "reference_id": "875633", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633" }, { "reference_url": "https://security.archlinux.org/ASA-201709-3", "reference_id": "ASA-201709-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201709-3" }, { "reference_url": "https://security.archlinux.org/AVG-396", "reference_id": "AVG-396", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-396" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000250", "reference_id": "CVE-2017-1000250", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2685", "reference_id": "RHSA-2017:2685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2685" }, { "reference_url": "https://usn.ubuntu.com/3413-1/", "reference_id": "USN-3413-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3413-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372931?format=api", "purl": "pkg:alpm/archlinux/bluez@5.46-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.46-2" } ], "aliases": [ "CVE-2017-1000250" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrc6-qjud-zqaf" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.46-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/372415?format=api", "purl": "pkg:alpm/archlinux/bluez@5.53-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.53-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.54-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62350?format=api", "vulnerability_id": "VCID-zyyf-565p-h7d6", "summary": "A vulnerability in BlueZ might allow remote attackers to bypass\n security restrictions.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0556.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36955", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37002", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37041", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37029", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3699", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4647" }, { "reference_url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814293", "reference_id": "1814293", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814293" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770", "reference_id": "953770", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770" }, { "reference_url": "https://security.archlinux.org/ASA-202003-13", "reference_id": "ASA-202003-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202003-13" }, { "reference_url": "https://security.archlinux.org/AVG-1116", "reference_id": "AVG-1116", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1116" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0556", "reference_id": "CVE-2020-0556", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0556" }, { "reference_url": "https://security.gentoo.org/glsa/202003-49", "reference_id": "GLSA-202003-49", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4001", "reference_id": "RHSA-2020:4001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4481", "reference_id": "RHSA-2020:4481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4481" }, { "reference_url": "https://usn.ubuntu.com/4311-1/", "reference_id": "USN-4311-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4311-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372416?format=api", "purl": "pkg:alpm/archlinux/bluez@5.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.54-1" } ], "aliases": [ "CVE-2020-0556" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyf-565p-h7d6" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.53-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372416?format=api", "purl": "pkg:alpm/archlinux/bluez@5.54-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.54-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.56-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62350?format=api", "vulnerability_id": "VCID-zyyf-565p-h7d6", "summary": "A vulnerability in BlueZ might allow remote attackers to bypass\n security restrictions.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0556.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36955", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37002", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37041", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37063", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37029", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37128", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.3699", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-0556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4647" }, { "reference_url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814293", "reference_id": "1814293", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814293" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770", "reference_id": "953770", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770" }, { "reference_url": "https://security.archlinux.org/ASA-202003-13", "reference_id": "ASA-202003-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202003-13" }, { "reference_url": "https://security.archlinux.org/AVG-1116", "reference_id": "AVG-1116", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1116" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0556", "reference_id": "CVE-2020-0556", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0556" }, { "reference_url": "https://security.gentoo.org/glsa/202003-49", "reference_id": "GLSA-202003-49", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4001", "reference_id": "RHSA-2020:4001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4481", "reference_id": "RHSA-2020:4481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4481" }, { "reference_url": "https://usn.ubuntu.com/4311-1/", "reference_id": "USN-4311-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4311-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372416?format=api", "purl": "pkg:alpm/archlinux/bluez@5.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.54-1" } ], "aliases": [ "CVE-2020-0556" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyf-565p-h7d6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.54-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373698?format=api", "purl": "pkg:alpm/archlinux/bluez@5.55-3", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.55-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.56-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62512?format=api", "vulnerability_id": "VCID-6d8c-y2y7-t3cj", "summary": "Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3588.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3588.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31148", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31182", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.3119", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31221", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3588" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970592", "reference_id": "1970592", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970592" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700", "reference_id": "989700", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700" }, { "reference_url": "https://security.archlinux.org/AVG-2061", "reference_id": "AVG-2061", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2061" }, { "reference_url": "https://security.gentoo.org/glsa/202209-16", "reference_id": "GLSA-202209-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-16" }, { "reference_url": "https://usn.ubuntu.com/4989-1/", "reference_id": "USN-4989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373699?format=api", "purl": "pkg:alpm/archlinux/bluez@5.56-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.56-1" } ], "aliases": [ "CVE-2021-3588" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6d8c-y2y7-t3cj" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.55-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/373699?format=api", "purl": "pkg:alpm/archlinux/bluez@5.56-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.56-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.57-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62512?format=api", "vulnerability_id": "VCID-6d8c-y2y7-t3cj", "summary": "Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3588.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3588.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31148", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31182", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.3119", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31221", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3588" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970592", "reference_id": "1970592", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970592" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700", "reference_id": "989700", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700" }, { "reference_url": "https://security.archlinux.org/AVG-2061", "reference_id": "AVG-2061", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2061" }, { "reference_url": "https://security.gentoo.org/glsa/202209-16", "reference_id": "GLSA-202209-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-16" }, { "reference_url": "https://usn.ubuntu.com/4989-1/", "reference_id": "USN-4989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4989-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373699?format=api", "purl": "pkg:alpm/archlinux/bluez@5.56-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.56-1" } ], "aliases": [ "CVE-2021-3588" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6d8c-y2y7-t3cj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.56-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373703?format=api", "purl": "pkg:alpm/archlinux/bluez@5.56-2", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.56-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.57-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62510?format=api", "vulnerability_id": "VCID-ctaf-8vuf-tqgg", "summary": "Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26558.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06312", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06337", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06329", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06324", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0624", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0625", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06296", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918602", "reference_id": "1918602", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918602" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614", "reference_id": "989614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614" }, { "reference_url": "https://security.archlinux.org/AVG-2049", "reference_id": "AVG-2049", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2049" }, { "reference_url": "https://security.archlinux.org/AVG-2050", "reference_id": "AVG-2050", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2050" }, { "reference_url": "https://security.gentoo.org/glsa/202209-16", "reference_id": "GLSA-202209-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4432", "reference_id": "RHSA-2021:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4432" }, { "reference_url": "https://usn.ubuntu.com/4989-1/", "reference_id": "USN-4989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4989-1/" }, { "reference_url": "https://usn.ubuntu.com/4989-2/", "reference_id": "USN-4989-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4989-2/" }, { "reference_url": "https://usn.ubuntu.com/5017-1/", "reference_id": "USN-5017-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5017-1/" }, { "reference_url": "https://usn.ubuntu.com/5018-1/", "reference_id": "USN-5018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5018-1/" }, { "reference_url": "https://usn.ubuntu.com/5046-1/", "reference_id": "USN-5046-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5046-1/" }, { "reference_url": "https://usn.ubuntu.com/5050-1/", "reference_id": "USN-5050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5050-1/" }, { "reference_url": "https://usn.ubuntu.com/5299-1/", "reference_id": "USN-5299-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5299-1/" }, { "reference_url": "https://usn.ubuntu.com/5343-1/", "reference_id": "USN-5343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373704?format=api", "purl": "pkg:alpm/archlinux/bluez@5.57-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.57-1" } ], "aliases": [ "CVE-2020-26558" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctaf-8vuf-tqgg" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.56-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373704?format=api", "purl": "pkg:alpm/archlinux/bluez@5.57-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.57-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.61-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62510?format=api", "vulnerability_id": "VCID-ctaf-8vuf-tqgg", "summary": "Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26558.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06312", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06337", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06329", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06324", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0624", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0625", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06296", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918602", "reference_id": "1918602", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918602" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614", "reference_id": "989614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614" }, { "reference_url": "https://security.archlinux.org/AVG-2049", "reference_id": "AVG-2049", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2049" }, { "reference_url": "https://security.archlinux.org/AVG-2050", "reference_id": "AVG-2050", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2050" }, { "reference_url": "https://security.gentoo.org/glsa/202209-16", "reference_id": "GLSA-202209-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4432", "reference_id": "RHSA-2021:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4432" }, { "reference_url": "https://usn.ubuntu.com/4989-1/", "reference_id": "USN-4989-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4989-1/" }, { "reference_url": "https://usn.ubuntu.com/4989-2/", "reference_id": "USN-4989-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4989-2/" }, { "reference_url": "https://usn.ubuntu.com/5017-1/", "reference_id": "USN-5017-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5017-1/" }, { "reference_url": "https://usn.ubuntu.com/5018-1/", "reference_id": "USN-5018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5018-1/" }, { "reference_url": "https://usn.ubuntu.com/5046-1/", "reference_id": "USN-5046-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5046-1/" }, { "reference_url": "https://usn.ubuntu.com/5050-1/", "reference_id": "USN-5050-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5050-1/" }, { "reference_url": "https://usn.ubuntu.com/5299-1/", "reference_id": "USN-5299-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5299-1/" }, { "reference_url": "https://usn.ubuntu.com/5343-1/", "reference_id": "USN-5343-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5343-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373704?format=api", "purl": "pkg:alpm/archlinux/bluez@5.57-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.57-1" } ], "aliases": [ "CVE-2020-26558" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctaf-8vuf-tqgg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.57-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374767?format=api", "purl": "pkg:alpm/archlinux/bluez@5.60-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.60-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.61-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80129?format=api", "vulnerability_id": "VCID-15pa-mh4x-13ch", "summary": "bluez: adapter incorrectly restores Discoverable state after powered down", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3658.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22114", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22256", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22215", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22237", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984728", "reference_id": "1984728", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984728" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991596", "reference_id": "991596", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991596" }, { "reference_url": "https://security.archlinux.org/AVG-2231", "reference_id": "AVG-2231", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2231" }, { "reference_url": "https://usn.ubuntu.com/5155-1/", "reference_id": "USN-5155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5155-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374768?format=api", "purl": "pkg:alpm/archlinux/bluez@5.61-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.61-1" } ], "aliases": [ "CVE-2021-3658" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15pa-mh4x-13ch" } ], "fixing_vulnerabilities": [], "risk_score": "2.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.60-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374768?format=api", "purl": "pkg:alpm/archlinux/bluez@5.61-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.61-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.63-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80129?format=api", "vulnerability_id": "VCID-15pa-mh4x-13ch", "summary": "bluez: adapter incorrectly restores Discoverable state after powered down", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3658.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22114", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22256", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22215", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22237", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984728", "reference_id": "1984728", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984728" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991596", "reference_id": "991596", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991596" }, { "reference_url": "https://security.archlinux.org/AVG-2231", "reference_id": "AVG-2231", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2231" }, { "reference_url": "https://usn.ubuntu.com/5155-1/", "reference_id": "USN-5155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5155-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374768?format=api", "purl": "pkg:alpm/archlinux/bluez@5.61-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.61-1" } ], "aliases": [ "CVE-2021-3658" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15pa-mh4x-13ch" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.61-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373277?format=api", "purl": "pkg:alpm/archlinux/bluez@5.62-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.62-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.63-1", "latest_non_vulnerable_version": "5.63-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79927?format=api", "vulnerability_id": "VCID-g2pd-d2mm-8fd3", "summary": "bluez: memory leak in the SDP protocol", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41229.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41229.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13482", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1353", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13604", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13665", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13465", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13595", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41229" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000262", "reference_id": "1000262", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025034", "reference_id": "2025034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025034" }, { "reference_url": "https://security.archlinux.org/AVG-2553", "reference_id": "AVG-2553", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2081", "reference_id": "RHSA-2022:2081", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2081" }, { "reference_url": "https://usn.ubuntu.com/5155-1/", "reference_id": "USN-5155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5155-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373278?format=api", "purl": "pkg:alpm/archlinux/bluez@5.63-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.63-1" } ], "aliases": [ "CVE-2021-41229" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2pd-d2mm-8fd3" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.62-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373278?format=api", "purl": "pkg:alpm/archlinux/bluez@5.63-1", "type": "alpm", "namespace": "archlinux", "name": "bluez", "version": "5.63-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79927?format=api", "vulnerability_id": "VCID-g2pd-d2mm-8fd3", "summary": "bluez: memory leak in the SDP protocol", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41229.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41229.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13482", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1353", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13604", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13665", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13465", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13595", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41229" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000262", "reference_id": "1000262", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025034", "reference_id": "2025034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025034" }, { "reference_url": "https://security.archlinux.org/AVG-2553", "reference_id": "AVG-2553", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2081", "reference_id": "RHSA-2022:2081", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2081" }, { "reference_url": "https://usn.ubuntu.com/5155-1/", "reference_id": "USN-5155-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5155-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373278?format=api", "purl": "pkg:alpm/archlinux/bluez@5.63-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.63-1" } ], "aliases": [ "CVE-2021-41229" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2pd-d2mm-8fd3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.63-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374502?format=api", "purl": "pkg:alpm/archlinux/botan@2.2.0-1", "type": "alpm", "namespace": "archlinux", "name": "botan", "version": "2.2.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.3.0-1", "latest_non_vulnerable_version": "2.18.2-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167615?format=api", "vulnerability_id": "VCID-8nmu-s87y-wycj", "summary": "A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16167", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16275", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16096", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1628", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16141", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:P/I:N/A:N" }, { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/randombit/botan/issues/1222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/randombit/botan/issues/1222" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html" }, { "reference_url": "https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai" }, { "reference_url": "https://security.archlinux.org/ASA-201710-17", "reference_id": "ASA-201710-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-17" }, { "reference_url": "https://security.archlinux.org/AVG-416", "reference_id": "AVG-416", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-416" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14737", "reference_id": "CVE-2017-14737", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14737" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374503?format=api", "purl": "pkg:alpm/archlinux/botan@2.3.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.3.0-1" } ], "aliases": [ "CVE-2017-14737" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nmu-s87y-wycj" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.2.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374503?format=api", "purl": "pkg:alpm/archlinux/botan@2.3.0-1", "type": "alpm", "namespace": "archlinux", "name": "botan", "version": "2.3.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.18.2-1", "latest_non_vulnerable_version": "2.18.2-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167615?format=api", "vulnerability_id": "VCID-8nmu-s87y-wycj", "summary": "A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16167", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16275", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16235", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16096", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1628", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16141", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:P/I:N/A:N" }, { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/randombit/botan/issues/1222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/randombit/botan/issues/1222" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html" }, { "reference_url": "https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai" }, { "reference_url": "https://security.archlinux.org/ASA-201710-17", "reference_id": "ASA-201710-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-17" }, { "reference_url": "https://security.archlinux.org/AVG-416", "reference_id": "AVG-416", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-416" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14737", "reference_id": "CVE-2017-14737", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14737" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374503?format=api", "purl": "pkg:alpm/archlinux/botan@2.3.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.3.0-1" } ], "aliases": [ "CVE-2017-14737" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nmu-s87y-wycj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.3.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373397?format=api", "purl": "pkg:alpm/archlinux/botan@2.18.1-1", "type": "alpm", "namespace": "archlinux", "name": "botan", "version": "2.18.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.18.2-1", "latest_non_vulnerable_version": "2.18.2-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11195?format=api", "vulnerability_id": "VCID-xffg-w6fz-yqfj", "summary": "Use of a Broken or Risky Cryptographic Algorithm\nThe ElGamal implementation in Botan, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53325", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53242", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53291", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.5326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53312", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53307", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53341", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840", "reference_id": "993840", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840" }, { "reference_url": "https://security.archlinux.org/AVG-2362", "reference_id": "AVG-2362", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2362" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40529", "reference_id": "CVE-2021-40529", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40529" }, { "reference_url": "https://security.gentoo.org/glsa/202208-14", "reference_id": "GLSA-202208-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373398?format=api", "purl": "pkg:alpm/archlinux/botan@2.18.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.18.2-1" } ], "aliases": [ "CVE-2021-40529" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xffg-w6fz-yqfj" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.18.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373398?format=api", "purl": "pkg:alpm/archlinux/botan@2.18.2-1", "type": "alpm", "namespace": "archlinux", "name": "botan", "version": "2.18.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11195?format=api", "vulnerability_id": "VCID-xffg-w6fz-yqfj", "summary": "Use of a Broken or Risky Cryptographic Algorithm\nThe ElGamal implementation in Botan, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53325", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53242", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53291", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.5326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53312", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53307", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53357", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53341", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840", "reference_id": "993840", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840" }, { "reference_url": "https://security.archlinux.org/AVG-2362", "reference_id": "AVG-2362", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2362" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40529", "reference_id": "CVE-2021-40529", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40529" }, { "reference_url": "https://security.gentoo.org/glsa/202208-14", "reference_id": "GLSA-202208-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373398?format=api", "purl": "pkg:alpm/archlinux/botan@2.18.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.18.2-1" } ], "aliases": [ "CVE-2021-40529" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xffg-w6fz-yqfj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.18.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374224?format=api", "purl": "pkg:alpm/archlinux/brotli@1.0.7-1", "type": "alpm", "namespace": "archlinux", "name": "brotli", "version": "1.0.7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.0.9-1", "latest_non_vulnerable_version": "1.0.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6142?format=api", "vulnerability_id": "VCID-69ua-s6h2-3uhc", "summary": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.6754", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67627", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.6764", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67663", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67649", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36846" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54138", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54146", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54167", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54185", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54135", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54086", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54112", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54065", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/bitemyapp/brotli2-rs", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bitemyapp/brotli2-rs" }, { "reference_url": "https://github.com/bitemyapp/brotli2-rs/issues/45", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bitemyapp/brotli2-rs/issues/45" }, { "reference_url": "https://github.com/github/advisory-database/issues/785", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/issues/785" }, { "reference_url": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6" }, { "reference_url": "https://github.com/google/brotli/releases/tag/v1.0.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/releases/tag/v1.0.8" }, { "reference_url": "https://github.com/google/brotli/releases/tag/v1.0.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/releases/tag/v1.0.9" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0131.html" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0132.html" }, { "reference_url": "https://usn.ubuntu.com/4568-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4568-1" }, { "reference_url": "https://usn.ubuntu.com/4568-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4568-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4801", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", "reference_id": "1879225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225" }, { "reference_url": "https://github.com/google/brotli/pull/826", "reference_id": "826", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://github.com/google/brotli/pull/826" }, { "reference_url": "https://security.archlinux.org/ASA-202009-12", "reference_id": "ASA-202009-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202009-12" }, { "reference_url": "https://security.archlinux.org/ASA-202009-13", "reference_id": "ASA-202009-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202009-13" }, { "reference_url": "https://security.archlinux.org/AVG-1230", "reference_id": "AVG-1230", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1230" }, { "reference_url": "https://security.archlinux.org/AVG-1231", "reference_id": "AVG-1231", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1231" }, { "reference_url": "https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52", "reference_id": "Changes#L52", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52" }, { "reference_url": "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", "reference_id": "GHSA-5v8v-66v8-mwm7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://github.com/advisories/GHSA-5v8v-66v8-mwm7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1702", "reference_id": "RHSA-2021:1702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0827", "reference_id": "RHSA-2022:0827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0828", "reference_id": "RHSA-2022:0828", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0829", "reference_id": "RHSA-2022:0829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0830", "reference_id": "RHSA-2022:0830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0830" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374225?format=api", "purl": "pkg:alpm/archlinux/brotli@1.0.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/brotli@1.0.9-1" } ], "aliases": [ "BIT-brotli-2020-8927", "BIT-dotnet-2020-8927", "BIT-dotnet-sdk-2020-8927", "BIT-powershell-2020-8927", "CVE-2020-36846", "CVE-2020-8927", "GHSA-5v8v-66v8-mwm7", "GO-2025-3726", "PYSEC-2020-29", "RUSTSEC-2021-0131", "RUSTSEC-2021-0132" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69ua-s6h2-3uhc" } ], "fixing_vulnerabilities": [], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/brotli@1.0.7-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374225?format=api", "purl": "pkg:alpm/archlinux/brotli@1.0.9-1", "type": "alpm", "namespace": "archlinux", "name": "brotli", "version": "1.0.9-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6142?format=api", "vulnerability_id": "VCID-69ua-s6h2-3uhc", "summary": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.6754", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67627", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.6764", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67663", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67649", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36846" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54138", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54146", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54167", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54185", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54135", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54086", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54112", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54065", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/bitemyapp/brotli2-rs", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bitemyapp/brotli2-rs" }, { "reference_url": "https://github.com/bitemyapp/brotli2-rs/issues/45", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bitemyapp/brotli2-rs/issues/45" }, { "reference_url": "https://github.com/github/advisory-database/issues/785", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/issues/785" }, { "reference_url": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6" }, { "reference_url": "https://github.com/google/brotli/releases/tag/v1.0.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/releases/tag/v1.0.8" }, { "reference_url": "https://github.com/google/brotli/releases/tag/v1.0.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/google/brotli/releases/tag/v1.0.9" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8927" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2021-0131.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0131.html" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2021-0132.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0132.html" }, { "reference_url": "https://usn.ubuntu.com/4568-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4568-1" }, { "reference_url": "https://usn.ubuntu.com/4568-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4568-1/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4801", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225", "reference_id": "1879225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879225" }, { "reference_url": "https://github.com/google/brotli/pull/826", "reference_id": "826", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://github.com/google/brotli/pull/826" }, { "reference_url": "https://security.archlinux.org/ASA-202009-12", "reference_id": "ASA-202009-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202009-12" }, { "reference_url": "https://security.archlinux.org/ASA-202009-13", "reference_id": "ASA-202009-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202009-13" }, { "reference_url": "https://security.archlinux.org/AVG-1230", "reference_id": "AVG-1230", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1230" }, { "reference_url": "https://security.archlinux.org/AVG-1231", "reference_id": "AVG-1231", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1231" }, { "reference_url": "https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52", "reference_id": "Changes#L52", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52" }, { "reference_url": "https://github.com/advisories/GHSA-5v8v-66v8-mwm7", "reference_id": "GHSA-5v8v-66v8-mwm7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/" } ], "url": "https://github.com/advisories/GHSA-5v8v-66v8-mwm7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1702", "reference_id": "RHSA-2021:1702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0827", "reference_id": "RHSA-2022:0827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0828", "reference_id": "RHSA-2022:0828", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0829", "reference_id": "RHSA-2022:0829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0830", "reference_id": "RHSA-2022:0830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0830" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374225?format=api", "purl": "pkg:alpm/archlinux/brotli@1.0.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/brotli@1.0.9-1" } ], "aliases": [ "BIT-brotli-2020-8927", "BIT-dotnet-2020-8927", "BIT-dotnet-sdk-2020-8927", "BIT-powershell-2020-8927", "CVE-2020-36846", "CVE-2020-8927", "GHSA-5v8v-66v8-mwm7", "GO-2025-3726", "PYSEC-2020-29", "RUSTSEC-2021-0131", "RUSTSEC-2021-0132" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69ua-s6h2-3uhc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/brotli@1.0.9-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372869?format=api", "purl": "pkg:alpm/archlinux/busybox@1.27.2-1", "type": "alpm", "namespace": "archlinux", "name": "busybox", "version": "1.27.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.28.1-1", "latest_non_vulnerable_version": "1.34.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47306?format=api", "vulnerability_id": "VCID-dktd-xqjr-h7h1", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87263", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87258", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Mar/15", "reference_id": "15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Mar/15" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713", "reference_id": "1515713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Aug/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Aug/20" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Aug/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Aug/21" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Jan/39", "reference_id": "39", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Jan/39" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Sep/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Sep/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258", "reference_id": "882258", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258" }, { "reference_url": "https://security.archlinux.org/ASA-201803-1", "reference_id": "ASA-201803-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-1" }, { "reference_url": "https://security.archlinux.org/ASA-201803-2", "reference_id": "ASA-201803-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-2" }, { "reference_url": "https://security.archlinux.org/AVG-512", "reference_id": "AVG-512", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-512" }, { "reference_url": "https://security.archlinux.org/AVG-514", "reference_id": "AVG-514", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-514" }, { "reference_url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "reference_id": "cve-2017-16544-busybox-autocompletion-vulnerability", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/" }, { "reference_url": "https://security.gentoo.org/glsa/201803-12", "reference_id": "GLSA-201803-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-12" }, { "reference_url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "reference_id": "icsa-20-240-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "reference_id": "?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372870?format=api", "purl": "pkg:alpm/archlinux/busybox@1.28.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.28.1-1" } ], "aliases": [ "CVE-2017-16544" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dktd-xqjr-h7h1" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.27.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372870?format=api", "purl": "pkg:alpm/archlinux/busybox@1.28.1-1", "type": "alpm", "namespace": "archlinux", "name": "busybox", "version": "1.28.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.32.1-4", "latest_non_vulnerable_version": "1.34.1-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47306?format=api", "vulnerability_id": "VCID-dktd-xqjr-h7h1", "summary": "Multiple vulnerabilities have been found in BusyBox, the worst of\n which could allow remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87263", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03313", "scoring_system": "epss", "scoring_elements": "0.87258", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Mar/15", "reference_id": "15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Mar/15" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713", "reference_id": "1515713", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Aug/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Aug/20" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Aug/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Aug/21" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Jan/39", "reference_id": "39", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2021/Jan/39" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Sep/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Sep/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258", "reference_id": "882258", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258" }, { "reference_url": "https://security.archlinux.org/ASA-201803-1", "reference_id": "ASA-201803-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-1" }, { "reference_url": "https://security.archlinux.org/ASA-201803-2", "reference_id": "ASA-201803-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-2" }, { "reference_url": "https://security.archlinux.org/AVG-512", "reference_id": "AVG-512", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-512" }, { "reference_url": "https://security.archlinux.org/AVG-514", "reference_id": "AVG-514", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-514" }, { "reference_url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "reference_id": "cve-2017-16544-busybox-autocompletion-vulnerability", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/" }, { "reference_url": "https://security.gentoo.org/glsa/201803-12", "reference_id": "GLSA-201803-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-12" }, { "reference_url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "reference_id": "icsa-20-240-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "reference_id": "?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8" }, { "reference_url": "https://usn.ubuntu.com/3935-1/", "reference_id": "USN-3935-1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/" } ], "url": "https://usn.ubuntu.com/3935-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372870?format=api", "purl": "pkg:alpm/archlinux/busybox@1.28.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.28.1-1" } ], "aliases": [ "CVE-2017-16544" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dktd-xqjr-h7h1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.28.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374836?format=api", "purl": "pkg:alpm/archlinux/busybox@1.32.1-3", "type": "alpm", "namespace": "archlinux", "name": "busybox", "version": "1.32.1-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.32.1-4", "latest_non_vulnerable_version": "1.34.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39478?format=api", "vulnerability_id": "VCID-vpmv-afzs-tffj", "summary": "A vulnerability in BusyBox might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77155", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77173", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77241", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.7722", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941028", "reference_id": "1941028", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941028" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/", "reference_id": "3UDQGJRECXFS5EZVDH2OI45FMO436AC4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674", "reference_id": "985674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674" }, { "reference_url": "https://security.archlinux.org/ASA-202103-11", "reference_id": "ASA-202103-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-11" }, { "reference_url": "https://security.archlinux.org/ASA-202103-12", "reference_id": "ASA-202103-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-12" }, { "reference_url": "https://security.archlinux.org/AVG-1707", "reference_id": "AVG-1707", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1707" }, { "reference_url": "https://security.archlinux.org/AVG-1708", "reference_id": "AVG-1708", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1708" }, { "reference_url": "https://security.gentoo.org/glsa/202105-09", "reference_id": "GLSA-202105-09", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://security.gentoo.org/glsa/202105-09" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "reference_id": "?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" }, { "reference_url": "https://usn.ubuntu.com/5179-2/", "reference_id": "USN-5179-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-2/" }, { "reference_url": "https://usn.ubuntu.com/6335-1/", "reference_id": "USN-6335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6335-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/", "reference_id": "Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/", "reference_id": "ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374837?format=api", "purl": "pkg:alpm/archlinux/busybox@1.32.1-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.32.1-4" } ], "aliases": [ "CVE-2021-28831" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpmv-afzs-tffj" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.32.1-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374837?format=api", "purl": "pkg:alpm/archlinux/busybox@1.32.1-4", "type": "alpm", "namespace": "archlinux", "name": "busybox", "version": "1.32.1-4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.34.1-1", "latest_non_vulnerable_version": "1.34.1-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39478?format=api", "vulnerability_id": "VCID-vpmv-afzs-tffj", "summary": "A vulnerability in BusyBox might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77155", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77173", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.77241", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01019", "scoring_system": "epss", "scoring_elements": "0.7722", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941028", "reference_id": "1941028", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941028" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/", "reference_id": "3UDQGJRECXFS5EZVDH2OI45FMO436AC4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674", "reference_id": "985674", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674" }, { "reference_url": "https://security.archlinux.org/ASA-202103-11", "reference_id": "ASA-202103-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-11" }, { "reference_url": "https://security.archlinux.org/ASA-202103-12", "reference_id": "ASA-202103-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-12" }, { "reference_url": "https://security.archlinux.org/AVG-1707", "reference_id": "AVG-1707", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1707" }, { "reference_url": "https://security.archlinux.org/AVG-1708", "reference_id": "AVG-1708", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1708" }, { "reference_url": "https://security.gentoo.org/glsa/202105-09", "reference_id": "GLSA-202105-09", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://security.gentoo.org/glsa/202105-09" }, { "reference_url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "reference_id": "?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" }, { "reference_url": "https://usn.ubuntu.com/5179-2/", "reference_id": "USN-5179-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-2/" }, { "reference_url": "https://usn.ubuntu.com/6335-1/", "reference_id": "USN-6335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6335-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/", "reference_id": "Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/", "reference_id": "ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374837?format=api", "purl": "pkg:alpm/archlinux/busybox@1.32.1-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.32.1-4" } ], "aliases": [ "CVE-2021-28831" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpmv-afzs-tffj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.32.1-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/373364?format=api", "purl": "pkg:alpm/archlinux/busybox@1.33.1-1", "type": "alpm", "namespace": "archlinux", "name": "busybox", "version": "1.33.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.34.1-1", "latest_non_vulnerable_version": "1.34.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40694?format=api", "vulnerability_id": "VCID-4muk-rhx5-yqeu", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023938", "reference_id": "2023938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023938" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42386" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4muk-rhx5-yqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40693?format=api", "vulnerability_id": "VCID-4qpt-mxfy-6bh6", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023936", "reference_id": "2023936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023936" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42385" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qpt-mxfy-6bh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40685?format=api", "vulnerability_id": "VCID-8r73-bpac-dubc", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86174", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86236", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86228", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86243", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.8624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86184", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86217", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023895", "reference_id": "2023895", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023895" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42377" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8r73-bpac-dubc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40683?format=api", "vulnerability_id": "VCID-92nk-cwc9-rkg4", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19135", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19076", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19115", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19168", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19175", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19128", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023888", "reference_id": "2023888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023888" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42375" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92nk-cwc9-rkg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40692?format=api", "vulnerability_id": "VCID-9fex-zr2n-w3cb", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023933", "reference_id": "2023933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023933" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42384" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fex-zr2n-w3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40688?format=api", "vulnerability_id": "VCID-dse8-esmh-3ygm", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63745", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63759", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64309", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64251", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023912", "reference_id": "2023912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023912" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42380" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dse8-esmh-3ygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40687?format=api", "vulnerability_id": "VCID-gdfa-8gar-47gd", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023904", "reference_id": "2023904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023904" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42379" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdfa-8gar-47gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40686?format=api", "vulnerability_id": "VCID-jjxj-yf1x-4qg5", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023900", "reference_id": "2023900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023900" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42378" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjxj-yf1x-4qg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=api", "vulnerability_id": "VCID-mdmz-hjvu-hke3", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.54992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55135", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42382" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023929", "reference_id": "2023929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023929" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42382" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdmz-hjvu-hke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40689?format=api", "vulnerability_id": "VCID-r12h-q1dj-a7b8", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.54992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55135", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023927", "reference_id": "2023927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023927" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42381" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r12h-q1dj-a7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40681?format=api", "vulnerability_id": "VCID-rp81-5jrg-jkht", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2428", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24249", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24407", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24222", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023876", "reference_id": "2023876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023876" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42373" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rp81-5jrg-jkht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40691?format=api", "vulnerability_id": "VCID-svyb-nqje-dbcs", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5225", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52188", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5218", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52233", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52229", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5228", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52264", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023931", "reference_id": "2023931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023931" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42383" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svyb-nqje-dbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40682?format=api", "vulnerability_id": "VCID-tkat-gfks-kqg9", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20042", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20022", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20244", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20107", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20126", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.2008", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023881", "reference_id": "2023881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023881" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42374" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkat-gfks-kqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40684?format=api", "vulnerability_id": "VCID-vjyq-6k64-7fat", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13819", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13902", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13958", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13843", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023891", "reference_id": "2023891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023891" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42376" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjyq-6k64-7fat" } ], "fixing_vulnerabilities": [], "risk_score": "3.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.33.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "type": "alpm", "namespace": "archlinux", "name": "busybox", "version": "1.34.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40694?format=api", "vulnerability_id": "VCID-4muk-rhx5-yqeu", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023938", "reference_id": "2023938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023938" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42386" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4muk-rhx5-yqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40693?format=api", "vulnerability_id": "VCID-4qpt-mxfy-6bh6", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52665", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52697", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52681", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023936", "reference_id": "2023936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023936" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42385" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qpt-mxfy-6bh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40685?format=api", "vulnerability_id": "VCID-8r73-bpac-dubc", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86174", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86236", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86228", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86243", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.8624", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86184", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02855", "scoring_system": "epss", "scoring_elements": "0.86217", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023895", "reference_id": "2023895", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023895" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42377" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8r73-bpac-dubc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40683?format=api", "vulnerability_id": "VCID-92nk-cwc9-rkg4", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19135", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19076", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19115", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19168", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19175", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19128", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023888", "reference_id": "2023888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023888" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42375" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92nk-cwc9-rkg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40692?format=api", "vulnerability_id": "VCID-9fex-zr2n-w3cb", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023933", "reference_id": "2023933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023933" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42384" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fex-zr2n-w3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40688?format=api", "vulnerability_id": "VCID-dse8-esmh-3ygm", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63676", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63728", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63745", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.63759", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64309", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00464", "scoring_system": "epss", "scoring_elements": "0.64251", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023912", "reference_id": "2023912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023912" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42380" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dse8-esmh-3ygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40687?format=api", "vulnerability_id": "VCID-gdfa-8gar-47gd", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023904", "reference_id": "2023904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023904" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42379" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdfa-8gar-47gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40686?format=api", "vulnerability_id": "VCID-jjxj-yf1x-4qg5", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4647", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023900", "reference_id": "2023900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023900" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42378" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjxj-yf1x-4qg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=api", "vulnerability_id": "VCID-mdmz-hjvu-hke3", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.54992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55135", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42382" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023929", "reference_id": "2023929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023929" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42382" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdmz-hjvu-hke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40689?format=api", "vulnerability_id": "VCID-r12h-q1dj-a7b8", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.54992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55117", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55094", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55155", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55135", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023927", "reference_id": "2023927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023927" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42381" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r12h-q1dj-a7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40681?format=api", "vulnerability_id": "VCID-rp81-5jrg-jkht", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2428", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24249", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24349", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24407", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24222", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023876", "reference_id": "2023876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023876" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42373" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rp81-5jrg-jkht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40691?format=api", "vulnerability_id": "VCID-svyb-nqje-dbcs", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5225", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52188", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5218", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52233", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52229", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5228", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52264", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023931", "reference_id": "2023931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023931" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42383" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svyb-nqje-dbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40682?format=api", "vulnerability_id": "VCID-tkat-gfks-kqg9", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20042", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20022", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20244", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20107", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20126", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.2008", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023881", "reference_id": "2023881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023881" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/", "reference_id": "6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0002/", "reference_id": "ntap-20211223-0002", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "reference_url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/", "reference_id": "unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "reference_url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_id": "unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/", "reference_id": "UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "reference_url": "https://usn.ubuntu.com/5179-1/", "reference_id": "USN-5179-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5179-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42374" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkat-gfks-kqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40684?format=api", "vulnerability_id": "VCID-vjyq-6k64-7fat", "summary": "Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13819", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13902", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13958", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13843", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023891", "reference_id": "2023891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023891" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567", "reference_id": "999567", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567" }, { "reference_url": "https://security.archlinux.org/AVG-2561", "reference_id": "AVG-2561", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2561" }, { "reference_url": "https://security.archlinux.org/AVG-2562", "reference_id": "AVG-2562", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2562" }, { "reference_url": "https://security.gentoo.org/glsa/202407-17", "reference_id": "GLSA-202407-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373365?format=api", "purl": "pkg:alpm/archlinux/busybox@1.34.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" } ], "aliases": [ "CVE-2021-42376" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjyq-6k64-7fat" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371001?format=api", "purl": "pkg:alpm/archlinux/busybox@1.36.1-2", "type": "alpm", "namespace": "archlinux", "name": "busybox", "version": "1.36.1-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96706?format=api", "vulnerability_id": "VCID-jjqh-pw7r-buau", "summary": "In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24224", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24442", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2429", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24251", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24308", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24351", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46394" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46394" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104008", "reference_id": "1104008", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104008" }, { "reference_url": "https://security.archlinux.org/AVG-2880", "reference_id": "AVG-2880", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2880" }, { "reference_url": "https://www.busybox.net/downloads/", "reference_id": "downloads", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/" } ], "url": "https://www.busybox.net/downloads/" }, { "reference_url": "https://bugs.busybox.net/show_bug.cgi?id=16018", "reference_id": "show_bug.cgi?id=16018", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/" } ], "url": "https://bugs.busybox.net/show_bug.cgi?id=16018" }, { "reference_url": "https://www.busybox.net", "reference_id": "www.busybox.net", "reference_type": "", "scores": [ { "value": "3.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/" } ], "url": "https://www.busybox.net" } ], "fixed_packages": [], "aliases": [ "CVE-2025-46394" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjqh-pw7r-buau" } ], "fixing_vulnerabilities": [], "risk_score": "1.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.36.1-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/375002?format=api", "purl": "pkg:alpm/archlinux/bzip2@1.0.6-5", "type": "alpm", "namespace": "archlinux", "name": "bzip2", "version": "1.0.6-5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.0.6-6", "latest_non_vulnerable_version": "1.0.6-6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36092?format=api", "vulnerability_id": "VCID-rgbz-6485-tfan", "summary": "An use-after-free vulnerability has been found in bzip2 that could\n allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95993", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95991", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95977", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95971", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95963", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95996", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/4" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/22" }, { "reference_url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "reference_url": "http://www.securityfocus.com/bid/91297", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.securityfocus.com/bid/91297" }, { "reference_url": "http://www.securitytracker.com/id/1036132", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.securitytracker.com/id/1036132" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", "reference_id": "1319648", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744", "reference_id": "827744", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744" }, { "reference_url": "https://security.archlinux.org/ASA-201702-19", "reference_id": "ASA-201702-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201702-19" }, { "reference_url": "https://security.archlinux.org/AVG-4", "reference_id": "AVG-4", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3189", "reference_id": "CVE-2016-3189", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3189" }, { "reference_url": "https://security.gentoo.org/glsa/201708-08", "reference_id": "GLSA-201708-08", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://security.gentoo.org/glsa/201708-08" }, { "reference_url": "https://usn.ubuntu.com/4038-1/", "reference_id": "USN-4038-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://usn.ubuntu.com/4038-1/" }, { "reference_url": "https://usn.ubuntu.com/4038-2/", "reference_id": "USN-4038-2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://usn.ubuntu.com/4038-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375003?format=api", "purl": "pkg:alpm/archlinux/bzip2@1.0.6-6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bzip2@1.0.6-6" } ], "aliases": [ "CVE-2016-3189" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgbz-6485-tfan" } ], "fixing_vulnerabilities": [], "risk_score": "3.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bzip2@1.0.6-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/375003?format=api", "purl": "pkg:alpm/archlinux/bzip2@1.0.6-6", "type": "alpm", "namespace": "archlinux", "name": "bzip2", "version": "1.0.6-6", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36092?format=api", "vulnerability_id": "VCID-rgbz-6485-tfan", "summary": "An use-after-free vulnerability has been found in bzip2 that could\n allow remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95993", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95991", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95977", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95971", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95963", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.23714", "scoring_system": "epss", "scoring_elements": "0.95996", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/4" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/22" }, { "reference_url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/06/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/06/20/1" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "reference_url": "http://www.securityfocus.com/bid/91297", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.securityfocus.com/bid/91297" }, { "reference_url": "http://www.securitytracker.com/id/1036132", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "http://www.securitytracker.com/id/1036132" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", "reference_id": "1319648", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744", "reference_id": "827744", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744" }, { "reference_url": "https://security.archlinux.org/ASA-201702-19", "reference_id": "ASA-201702-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201702-19" }, { "reference_url": "https://security.archlinux.org/AVG-4", "reference_id": "AVG-4", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3189", "reference_id": "CVE-2016-3189", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3189" }, { "reference_url": "https://security.gentoo.org/glsa/201708-08", "reference_id": "GLSA-201708-08", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://security.gentoo.org/glsa/201708-08" }, { "reference_url": "https://usn.ubuntu.com/4038-1/", "reference_id": "USN-4038-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://usn.ubuntu.com/4038-1/" }, { "reference_url": "https://usn.ubuntu.com/4038-2/", "reference_id": "USN-4038-2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/" } ], "url": "https://usn.ubuntu.com/4038-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375003?format=api", "purl": "pkg:alpm/archlinux/bzip2@1.0.6-6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bzip2@1.0.6-6" } ], "aliases": [ "CVE-2016-3189" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgbz-6485-tfan" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bzip2@1.0.6-6" }, { "url": "http://public2.vulnerablecode.io/api/packages/374520?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.13-1", "type": "alpm", "namespace": "archlinux", "name": "cacti", "version": "1.1.13-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.1.14-1", "latest_non_vulnerable_version": "1.2.16-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93071?format=api", "vulnerability_id": "VCID-afss-mcgj-7bce", "summary": "Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66228", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66154", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66239", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66252", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66272", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66259", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848", "reference_id": "869848", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848" }, { "reference_url": "https://security.archlinux.org/ASA-201707-30", "reference_id": "ASA-201707-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-30" }, { "reference_url": "https://security.archlinux.org/AVG-365", "reference_id": "AVG-365", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-365" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374521?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.14-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.14-1" } ], "aliases": [ "CVE-2017-11691" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afss-mcgj-7bce" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.13-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374521?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.14-1", "type": "alpm", "namespace": "archlinux", "name": "cacti", "version": "1.1.14-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.1.28-1", "latest_non_vulnerable_version": "1.2.16-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93071?format=api", "vulnerability_id": "VCID-afss-mcgj-7bce", "summary": "Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66228", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66154", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66239", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66252", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66272", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66259", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848", "reference_id": "869848", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848" }, { "reference_url": "https://security.archlinux.org/ASA-201707-30", "reference_id": "ASA-201707-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-30" }, { "reference_url": "https://security.archlinux.org/AVG-365", "reference_id": "AVG-365", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-365" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374521?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.14-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.14-1" } ], "aliases": [ "CVE-2017-11691" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afss-mcgj-7bce" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.14-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372847?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.17-1", "type": "alpm", "namespace": "archlinux", "name": "cacti", "version": "1.1.17-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.1.28-1", "latest_non_vulnerable_version": "1.2.16-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93157?format=api", "vulnerability_id": "VCID-q88b-smmh-77ga", "summary": "Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80793", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.8079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80817", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80826", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.85723", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.8572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.85716", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1066" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16660", "reference_id": "CVE-2017-16660", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16660" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16660" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q88b-smmh-77ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93156?format=api", "vulnerability_id": "VCID-qbvv-frc2-rqbk", "summary": "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64351", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.6438", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64387", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64402", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79432", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79415", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79404", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1057" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110", "reference_id": "881110", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16641", "reference_id": "CVE-2017-16641", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16641" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16641" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbvv-frc2-rqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93158?format=api", "vulnerability_id": "VCID-x1fg-6mq4-d7ds", "summary": "Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29806", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29761", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39665", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39812", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39827", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39814", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39837", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1066" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16661", "reference_id": "CVE-2017-16661", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16661" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1fg-6mq4-d7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93159?format=api", "vulnerability_id": "VCID-yjny-ubdp-7few", "summary": "Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40045", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39988", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40008", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41485", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4158", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41589", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41603", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1071" }, { "reference_url": "http://www.securitytracker.com/id/1039774", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039774" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16785", "reference_id": "CVE-2017-16785", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16785" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjny-ubdp-7few" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "type": "alpm", "namespace": "archlinux", "name": "cacti", "version": "1.1.28-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.2.16-2", "latest_non_vulnerable_version": "1.2.16-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93157?format=api", "vulnerability_id": "VCID-q88b-smmh-77ga", "summary": "Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80793", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.8079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80817", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80826", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.85723", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.8572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.85716", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1066" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16660", "reference_id": "CVE-2017-16660", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16660" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16660" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q88b-smmh-77ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93156?format=api", "vulnerability_id": "VCID-qbvv-frc2-rqbk", "summary": "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64351", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.6438", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64387", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64402", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79432", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79415", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79404", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1057" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110", "reference_id": "881110", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16641", "reference_id": "CVE-2017-16641", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16641" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16641" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbvv-frc2-rqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93158?format=api", "vulnerability_id": "VCID-x1fg-6mq4-d7ds", "summary": "Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29806", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29761", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39665", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39812", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39827", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39814", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39837", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1066" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16661", "reference_id": "CVE-2017-16661", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16661" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1fg-6mq4-d7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93159?format=api", "vulnerability_id": "VCID-yjny-ubdp-7few", "summary": "Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40045", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39988", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40008", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41485", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4158", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41589", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41603", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1071" }, { "reference_url": "http://www.securitytracker.com/id/1039774", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039774" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16785", "reference_id": "CVE-2017-16785", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16785" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjny-ubdp-7few" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372196?format=api", "purl": "pkg:alpm/archlinux/cacti@1.2.16-1", "type": "alpm", "namespace": "archlinux", "name": "cacti", "version": "1.2.16-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.2.16-2", "latest_non_vulnerable_version": "1.2.16-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32093?format=api", "vulnerability_id": "VCID-qvkt-vk55-4bbx", "summary": "A vulnerability in Cacti could lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82949", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82885", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82914", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.8291", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82936", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82943", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82953", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998", "reference_id": "979998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998" }, { "reference_url": "https://security.archlinux.org/AVG-1433", "reference_id": "AVG-1433", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1433" }, { "reference_url": "https://security.gentoo.org/glsa/202101-31", "reference_id": "GLSA-202101-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-31" }, { "reference_url": "https://usn.ubuntu.com/USN-5214-1/", "reference_id": "USN-USN-5214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372197?format=api", "purl": "pkg:alpm/archlinux/cacti@1.2.16-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.2.16-2" } ], "aliases": [ "CVE-2020-35701" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvkt-vk55-4bbx" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.2.16-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372197?format=api", "purl": "pkg:alpm/archlinux/cacti@1.2.16-2", "type": "alpm", "namespace": "archlinux", "name": "cacti", "version": "1.2.16-2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32093?format=api", "vulnerability_id": "VCID-qvkt-vk55-4bbx", "summary": "A vulnerability in Cacti could lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82949", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82885", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82914", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.8291", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82936", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82943", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01839", "scoring_system": "epss", "scoring_elements": "0.82953", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998", "reference_id": "979998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998" }, { "reference_url": "https://security.archlinux.org/AVG-1433", "reference_id": "AVG-1433", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1433" }, { "reference_url": "https://security.gentoo.org/glsa/202101-31", "reference_id": "GLSA-202101-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-31" }, { "reference_url": "https://usn.ubuntu.com/USN-5214-1/", "reference_id": "USN-USN-5214-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5214-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372197?format=api", "purl": "pkg:alpm/archlinux/cacti@1.2.16-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.2.16-2" } ], "aliases": [ "CVE-2020-35701" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvkt-vk55-4bbx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.2.16-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/374973?format=api", "purl": "pkg:alpm/archlinux/cairo@1.14.10-1", "type": "alpm", "namespace": "archlinux", "name": "cairo", "version": "1.14.10-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.15.8-1", "latest_non_vulnerable_version": "1.17.4-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7954?format=api", "vulnerability_id": "VCID-m37e-xj39-eqfu", "summary": "NULL Pointer Dereference\nCairo is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51551", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.5145", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51501", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51528", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51542", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51539", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51584", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51563", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7475" }, { "reference_url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475" }, { "reference_url": "http://seclists.org/oss-sec/2017/q2/151", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2017/q2/151" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rcairo/rcairo", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rcairo/rcairo" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cairo/CVE-2017-7475.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cairo/CVE-2017-7475.yml" }, { "reference_url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447949", "reference_id": "1447949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447949" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264", "reference_id": "870264", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264" }, { "reference_url": "https://security.archlinux.org/AVG-277", "reference_id": "AVG-277", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-277" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7475", "reference_id": "CVE-2017-7475", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7475" }, { "reference_url": "https://github.com/advisories/GHSA-5v3f-73gv-x7x5", "reference_id": "GHSA-5v3f-73gv-x7x5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v3f-73gv-x7x5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374974?format=api", "purl": "pkg:alpm/archlinux/cairo@1.15.8-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.15.8-1" } ], "aliases": [ "CVE-2017-7475", "GHSA-5v3f-73gv-x7x5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m37e-xj39-eqfu" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.14.10-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374974?format=api", "purl": "pkg:alpm/archlinux/cairo@1.15.8-1", "type": "alpm", "namespace": "archlinux", "name": "cairo", "version": "1.15.8-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.16.0-2", "latest_non_vulnerable_version": "1.17.4-5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7954?format=api", "vulnerability_id": "VCID-m37e-xj39-eqfu", "summary": "NULL Pointer Dereference\nCairo is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51551", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.5145", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51501", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51528", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51489", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51542", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51539", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51584", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00282", "scoring_system": "epss", "scoring_elements": "0.51563", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7475" }, { "reference_url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.freedesktop.org/show_bug.cgi?id=100763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475" }, { "reference_url": "http://seclists.org/oss-sec/2017/q2/151", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2017/q2/151" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rcairo/rcairo", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rcairo/rcairo" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cairo/CVE-2017-7475.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cairo/CVE-2017-7475.yml" }, { "reference_url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447949", "reference_id": "1447949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447949" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264", "reference_id": "870264", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264" }, { "reference_url": "https://security.archlinux.org/AVG-277", "reference_id": "AVG-277", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-277" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7475", "reference_id": "CVE-2017-7475", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7475" }, { "reference_url": "https://github.com/advisories/GHSA-5v3f-73gv-x7x5", "reference_id": "GHSA-5v3f-73gv-x7x5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v3f-73gv-x7x5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374974?format=api", "purl": "pkg:alpm/archlinux/cairo@1.15.8-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.15.8-1" } ], "aliases": [ "CVE-2017-7475", "GHSA-5v3f-73gv-x7x5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m37e-xj39-eqfu" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.15.8-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371401?format=api", "purl": "pkg:alpm/archlinux/cairo@1.16.0-1", "type": "alpm", "namespace": "archlinux", "name": "cairo", "version": "1.16.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.16.0-2", "latest_non_vulnerable_version": "1.17.4-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83009?format=api", "vulnerability_id": "VCID-8bnq-c161-2yaq", "summary": "cairo: Invalid free in cairo_ft_apply_variations() resulting in a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53506", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53585", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5362", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53529", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53555", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53524", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53574", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5357", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661454", "reference_id": "1661454", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661454" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915801", "reference_id": "915801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915801" }, { "reference_url": "https://security.archlinux.org/ASA-201902-19", "reference_id": "ASA-201902-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-19" }, { "reference_url": "https://security.archlinux.org/AVG-826", "reference_id": "AVG-826", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-826" }, { "reference_url": "https://security.archlinux.org/AVG-827", "reference_id": "AVG-827", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-827" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371402?format=api", "purl": "pkg:alpm/archlinux/cairo@1.16.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.16.0-2" } ], "aliases": [ "CVE-2018-19876" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bnq-c161-2yaq" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.16.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371402?format=api", "purl": "pkg:alpm/archlinux/cairo@1.16.0-2", "type": "alpm", "namespace": "archlinux", "name": "cairo", "version": "1.16.0-2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.17.4-5", "latest_non_vulnerable_version": "1.17.4-5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83009?format=api", "vulnerability_id": "VCID-8bnq-c161-2yaq", "summary": "cairo: Invalid free in cairo_ft_apply_variations() resulting in a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53506", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53585", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5362", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53529", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53555", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53524", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53574", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.5357", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661454", "reference_id": "1661454", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661454" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915801", "reference_id": "915801", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915801" }, { "reference_url": "https://security.archlinux.org/ASA-201902-19", "reference_id": "ASA-201902-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-19" }, { "reference_url": "https://security.archlinux.org/AVG-826", "reference_id": "AVG-826", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-826" }, { "reference_url": "https://security.archlinux.org/AVG-827", "reference_id": "AVG-827", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-827" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371402?format=api", "purl": "pkg:alpm/archlinux/cairo@1.16.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.16.0-2" } ], "aliases": [ "CVE-2018-19876" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bnq-c161-2yaq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.16.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373956?format=api", "purl": "pkg:alpm/archlinux/cairo@1.17.4-4", "type": "alpm", "namespace": "archlinux", "name": "cairo", "version": "1.17.4-4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.17.4-5", "latest_non_vulnerable_version": "1.17.4-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37091?format=api", "vulnerability_id": "VCID-rzf2-bp8j-27fq", "summary": "A buffer overflow vulnerability has been discovered in Cairo which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35492.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35492.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26976", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2686", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26957", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26961", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27016", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27053", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26843", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26911", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35492" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396", "reference_id": "1898396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658", "reference_id": "978658", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658" }, { "reference_url": "https://security.archlinux.org/AVG-1391", "reference_id": "AVG-1391", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1391" }, { "reference_url": "https://security.archlinux.org/AVG-1392", "reference_id": "AVG-1392", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1392" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35492", "reference_id": "CVE-2020-35492", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35492" }, { "reference_url": "https://security.gentoo.org/glsa/202305-21", "reference_id": "GLSA-202305-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1961", "reference_id": "RHSA-2022:1961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1961" }, { "reference_url": "https://usn.ubuntu.com/5407-1/", "reference_id": "USN-5407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5407-1/" }, { "reference_url": "https://usn.ubuntu.com/8140-1/", "reference_id": "USN-8140-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8140-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373957?format=api", "purl": "pkg:alpm/archlinux/cairo@1.17.4-5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.17.4-5" } ], "aliases": [ "CVE-2020-35492" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzf2-bp8j-27fq" } ], "fixing_vulnerabilities": [], "risk_score": "3.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.17.4-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/373957?format=api", "purl": "pkg:alpm/archlinux/cairo@1.17.4-5", "type": "alpm", "namespace": "archlinux", "name": "cairo", "version": "1.17.4-5", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37091?format=api", "vulnerability_id": "VCID-rzf2-bp8j-27fq", "summary": "A buffer overflow vulnerability has been discovered in Cairo which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35492.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35492.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26976", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2686", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26957", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26961", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27016", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27053", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26843", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26911", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35492" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396", "reference_id": "1898396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658", "reference_id": "978658", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658" }, { "reference_url": "https://security.archlinux.org/AVG-1391", "reference_id": "AVG-1391", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1391" }, { "reference_url": "https://security.archlinux.org/AVG-1392", "reference_id": "AVG-1392", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1392" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35492", "reference_id": "CVE-2020-35492", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35492" }, { "reference_url": "https://security.gentoo.org/glsa/202305-21", "reference_id": "GLSA-202305-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1961", "reference_id": "RHSA-2022:1961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1961" }, { "reference_url": "https://usn.ubuntu.com/5407-1/", "reference_id": "USN-5407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5407-1/" }, { "reference_url": "https://usn.ubuntu.com/8140-1/", "reference_id": "USN-8140-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8140-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373957?format=api", "purl": "pkg:alpm/archlinux/cairo@1.17.4-5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.17.4-5" } ], "aliases": [ "CVE-2020-35492" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzf2-bp8j-27fq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.17.4-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/372759?format=api", "purl": "pkg:alpm/archlinux/calibre@3.18.0-1", "type": "alpm", "namespace": "archlinux", "name": "calibre", "version": "3.18.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.19.0-1", "latest_non_vulnerable_version": "3.19.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93806?format=api", "vulnerability_id": "VCID-xhf1-k7jg-6ued", "summary": "gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93385", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93354", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93362", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.9337", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93377", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93386", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242", "reference_id": "892242", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242" }, { "reference_url": "https://security.archlinux.org/ASA-201803-8", "reference_id": "ASA-201803-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-8" }, { "reference_url": "https://security.archlinux.org/AVG-650", "reference_id": "AVG-650", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-650" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372760?format=api", "purl": "pkg:alpm/archlinux/calibre@3.19.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/calibre@3.19.0-1" } ], "aliases": [ "CVE-2018-7889" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhf1-k7jg-6ued" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/calibre@3.18.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372760?format=api", "purl": "pkg:alpm/archlinux/calibre@3.19.0-1", "type": "alpm", "namespace": "archlinux", "name": "calibre", "version": "3.19.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93806?format=api", "vulnerability_id": "VCID-xhf1-k7jg-6ued", "summary": "gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93385", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93354", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93362", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.9337", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93377", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93386", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242", "reference_id": "892242", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242" }, { "reference_url": "https://security.archlinux.org/ASA-201803-8", "reference_id": "ASA-201803-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-8" }, { "reference_url": "https://security.archlinux.org/AVG-650", "reference_id": "AVG-650", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-650" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372760?format=api", "purl": "pkg:alpm/archlinux/calibre@3.19.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/calibre@3.19.0-1" } ], "aliases": [ "CVE-2018-7889" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhf1-k7jg-6ued" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/calibre@3.19.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373162?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.11.0-1", "type": "alpm", "namespace": "archlinux", "name": "c-ares", "version": "1.11.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.13.0-1", "latest_non_vulnerable_version": "1.17.2-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47188?format=api", "vulnerability_id": "VCID-33wk-w9ez-vyd2", "summary": "A heap-based buffer overflow in c-ares might allow remote attackers\n to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95153", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.9519", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.9518", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463", "reference_id": "1380463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151", "reference_id": "839151", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151" }, { "reference_url": "https://security.archlinux.org/ASA-201609-31", "reference_id": "ASA-201609-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-31" }, { "reference_url": "https://security.archlinux.org/AVG-37", "reference_id": "AVG-37", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-37" }, { "reference_url": "https://security.gentoo.org/glsa/201701-28", "reference_id": "GLSA-201701-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" }, { "reference_url": "https://usn.ubuntu.com/3143-1/", "reference_id": "USN-3143-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3143-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373163?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.12.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w3cx-2jcp-pyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.12.0-1" } ], "aliases": [ "CVE-2016-5180" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33wk-w9ez-vyd2" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.11.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373163?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.12.0-1", "type": "alpm", "namespace": "archlinux", "name": "c-ares", "version": "1.12.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.13.0-1", "latest_non_vulnerable_version": "1.17.2-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84234?format=api", "vulnerability_id": "VCID-w3cx-2jcp-pyga", "summary": "c-ares: NAPTR parser out of bounds access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66165", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66284", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66271", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6625", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463132", "reference_id": "1463132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463132" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360", "reference_id": "865360", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360" }, { "reference_url": "https://security.archlinux.org/ASA-201707-21", "reference_id": "ASA-201707-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-21" }, { "reference_url": "https://security.archlinux.org/AVG-315", "reference_id": "AVG-315", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2908", "reference_id": "RHSA-2017:2908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2908" }, { "reference_url": "https://usn.ubuntu.com/3395-1/", "reference_id": "USN-3395-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3395-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374538?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.13.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.13.0-1" } ], "aliases": [ "CVE-2017-1000381" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cx-2jcp-pyga" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47188?format=api", "vulnerability_id": "VCID-33wk-w9ez-vyd2", "summary": "A heap-based buffer overflow in c-ares might allow remote attackers\n to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95153", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.9519", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.95176", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.18165", "scoring_system": "epss", "scoring_elements": "0.9518", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463", "reference_id": "1380463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1380463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151", "reference_id": "839151", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151" }, { "reference_url": "https://security.archlinux.org/ASA-201609-31", "reference_id": "ASA-201609-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-31" }, { "reference_url": "https://security.archlinux.org/AVG-37", "reference_id": "AVG-37", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-37" }, { "reference_url": "https://security.gentoo.org/glsa/201701-28", "reference_id": "GLSA-201701-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0002", "reference_id": "RHSA-2017:0002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0002" }, { "reference_url": "https://usn.ubuntu.com/3143-1/", "reference_id": "USN-3143-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3143-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373163?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.12.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-w3cx-2jcp-pyga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.12.0-1" } ], "aliases": [ "CVE-2016-5180" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33wk-w9ez-vyd2" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.12.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374538?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.13.0-1", "type": "alpm", "namespace": "archlinux", "name": "c-ares", "version": "1.13.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.17.2-1", "latest_non_vulnerable_version": "1.17.2-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84234?format=api", "vulnerability_id": "VCID-w3cx-2jcp-pyga", "summary": "c-ares: NAPTR parser out of bounds access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66165", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66263", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66284", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66271", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6625", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463132", "reference_id": "1463132", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463132" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360", "reference_id": "865360", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360" }, { "reference_url": "https://security.archlinux.org/ASA-201707-21", "reference_id": "ASA-201707-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-21" }, { "reference_url": "https://security.archlinux.org/AVG-315", "reference_id": "AVG-315", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2908", "reference_id": "RHSA-2017:2908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2908" }, { "reference_url": "https://usn.ubuntu.com/3395-1/", "reference_id": "USN-3395-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3395-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4796-1/", "reference_id": "USN-USN-4796-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4796-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374538?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.13.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.13.0-1" } ], "aliases": [ "CVE-2017-1000381" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cx-2jcp-pyga" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.13.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374205?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.16.1-2", "type": "alpm", "namespace": "archlinux", "name": "c-ares", "version": "1.16.1-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.17.2-1", "latest_non_vulnerable_version": "1.17.2-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=api", "vulnerability_id": "VCID-m4sn-7wuq-e3cd", "summary": "A Denial of Service vulnerability was discovered in c-ares.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98233", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98226", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.9823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98225", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554", "reference_id": "1898554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554" }, { "reference_url": "https://security.archlinux.org/ASA-202011-18", "reference_id": "ASA-202011-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-18" }, { "reference_url": "https://security.archlinux.org/AVG-1280", "reference_id": "AVG-1280", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277", "reference_id": "CVE-2020-8277", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277" }, { "reference_url": "https://security.gentoo.org/glsa/202012-11", "reference_id": "GLSA-202012-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5305", "reference_id": "RHSA-2020:5305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5499", "reference_id": "RHSA-2020:5499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/4638-1/", "reference_id": "USN-4638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373568?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.17.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xdz-dku3-qqc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.1-1" } ], "aliases": [ "CVE-2020-8277" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.16.1-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373568?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.17.1-1", "type": "alpm", "namespace": "archlinux", "name": "c-ares", "version": "1.17.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.17.2-1", "latest_non_vulnerable_version": "1.17.2-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11629?format=api", "vulnerability_id": "VCID-1xdz-dku3-qqc4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17358", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342" }, { "reference_url": "https://c-ares.haxx.se/adv_20210810.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://c-ares.haxx.se/adv_20210810.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053", "reference_id": "992053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053" }, { "reference_url": "https://security.archlinux.org/ASA-202108-13", "reference_id": "ASA-202108-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202108-13" }, { "reference_url": "https://security.archlinux.org/AVG-2268", "reference_id": "AVG-2268", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2268" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672", "reference_id": "CVE-2021-3672", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2043", "reference_id": "RHSA-2022:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2043" }, { "reference_url": "https://usn.ubuntu.com/5034-1/", "reference_id": "USN-5034-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-1/" }, { "reference_url": "https://usn.ubuntu.com/5034-2/", "reference_id": "USN-5034-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373569?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.17.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.2-1" } ], "aliases": [ "CVE-2021-3672" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=api", "vulnerability_id": "VCID-m4sn-7wuq-e3cd", "summary": "A Denial of Service vulnerability was discovered in c-ares.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98219", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98233", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98226", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.9823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.59168", "scoring_system": "epss", "scoring_elements": "0.98225", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/" }, { "reference_url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554", "reference_id": "1898554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898554" }, { "reference_url": "https://security.archlinux.org/ASA-202011-18", "reference_id": "ASA-202011-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-18" }, { "reference_url": "https://security.archlinux.org/AVG-1280", "reference_id": "AVG-1280", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1280" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277", "reference_id": "CVE-2020-8277", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277" }, { "reference_url": "https://security.gentoo.org/glsa/202012-11", "reference_id": "GLSA-202012-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5305", "reference_id": "RHSA-2020:5305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5499", "reference_id": "RHSA-2020:5499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0421", "reference_id": "RHSA-2021:0421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0551", "reference_id": "RHSA-2021:0551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0551" }, { "reference_url": "https://usn.ubuntu.com/4638-1/", "reference_id": "USN-4638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373568?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.17.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1xdz-dku3-qqc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.1-1" } ], "aliases": [ "CVE-2020-8277" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373569?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.17.2-1", "type": "alpm", "namespace": "archlinux", "name": "c-ares", "version": "1.17.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11629?format=api", "vulnerability_id": "VCID-1xdz-dku3-qqc4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17144", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17358", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17229", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3672" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988342" }, { "reference_url": "https://c-ares.haxx.se/adv_20210810.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://c-ares.haxx.se/adv_20210810.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053", "reference_id": "992053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053" }, { "reference_url": "https://security.archlinux.org/ASA-202108-13", "reference_id": "ASA-202108-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202108-13" }, { "reference_url": "https://security.archlinux.org/AVG-2268", "reference_id": "AVG-2268", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2268" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672", "reference_id": "CVE-2021-3672", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672" }, { "reference_url": "https://security.gentoo.org/glsa/202401-02", "reference_id": "GLSA-202401-02", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/" } ], "url": "https://security.gentoo.org/glsa/202401-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3280", "reference_id": "RHSA-2021:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3281", "reference_id": "RHSA-2021:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3623", "reference_id": "RHSA-2021:3623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3638", "reference_id": "RHSA-2021:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3639", "reference_id": "RHSA-2021:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3666", "reference_id": "RHSA-2021:3666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2043", "reference_id": "RHSA-2022:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2043" }, { "reference_url": "https://usn.ubuntu.com/5034-1/", "reference_id": "USN-5034-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-1/" }, { "reference_url": "https://usn.ubuntu.com/5034-2/", "reference_id": "USN-5034-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5034-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373569?format=api", "purl": "pkg:alpm/archlinux/c-ares@1.17.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.2-1" } ], "aliases": [ "CVE-2021-3672" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.2-1" } ] }