Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/18248?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18248?format=api", "vulnerability_id": "VCID-e151-k644-7qdt", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nImproper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.", "aliases": [ { "alias": "CVE-2023-27506" }, { "alias": "GHSA-m2f8-v8q4-3m59" } ], "fixed_packages": [], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19917", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27506" }, { "reference_url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:33:45Z/" } ], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27506", "reference_id": "CVE-2023-27506", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27506" }, { "reference_url": "https://github.com/advisories/GHSA-m2f8-v8q4-3m59", "reference_id": "GHSA-m2f8-v8q4-3m59", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m2f8-v8q4-3m59" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 119, "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 92, "name": "DEPRECATED: Improper Sanitization of Custom Special Characters", "description": "This entry has been deprecated. It originally came from PLOVER, which sometimes defined other and miscellaneous categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e151-k644-7qdt" }