Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6gg4-xtn1-3ba9

Summary On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.

Aliases

alias	CVE-2020-15261

Fixed_packages

url	pkg:deb/debian/veyon@0?distro=trixie
purl	pkg:deb/debian/veyon@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/veyon@0%3Fdistro=trixie

url	pkg:deb/debian/veyon@4.5.3%2Brepack1-1?distro=trixie
purl	pkg:deb/debian/veyon@4.5.3%2Brepack1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/veyon@4.5.3%252Brepack1-1%3Fdistro=trixie

url	pkg:deb/debian/veyon@4.7.5%2Brepack1-1?distro=trixie
purl	pkg:deb/debian/veyon@4.7.5%2Brepack1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/veyon@4.7.5%252Brepack1-1%3Fdistro=trixie

url	pkg:deb/debian/veyon@4.9.5%2Brepack1-2?distro=trixie
purl	pkg:deb/debian/veyon@4.9.5%2Brepack1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/veyon@4.9.5%252Brepack1-2%3Fdistro=trixie

url	pkg:deb/debian/veyon@4.9.7%2Brepack1-1?distro=trixie
purl	pkg:deb/debian/veyon@4.9.7%2Brepack1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/veyon@4.9.7%252Brepack1-1%3Fdistro=trixie

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15261

reference_id

reference_type

scores

value	0.08057
scoring_system	epss
scoring_elements	0.92097
published_at	2026-04-01T12:55:00Z

value	0.08057
scoring_system	epss
scoring_elements	0.92105
published_at	2026-04-02T12:55:00Z

value	0.08057
scoring_system	epss
scoring_elements	0.92111
published_at	2026-04-04T12:55:00Z

value	0.08057
scoring_system	epss
scoring_elements	0.92116
published_at	2026-04-07T12:55:00Z

value	0.08057
scoring_system	epss
scoring_elements	0.92127
published_at	2026-04-08T12:55:00Z

value	0.08057
scoring_system	epss
scoring_elements	0.9213
published_at	2026-04-13T12:55:00Z

value	0.08057
scoring_system	epss
scoring_elements	0.92134
published_at	2026-04-12T12:55:00Z

value	0.08057
scoring_system	epss
scoring_elements	0.92141
published_at	2026-04-16T12:55:00Z

value	0.08057
scoring_system	epss
scoring_elements	0.92138
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15261

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/49925.txt
reference_id	CVE-2020-15261
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/49925.txt

Weaknesses

Exploits

date_added	2021-06-01
description	Veyon 4.4.1 - 'VeyonService' Unquoted Service Path
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`false`
source_date_published	2021-06-01
exploit_type	local
platform	windows
source_date_updated	2021-06-01
data_source	Exploit-DB
source_url

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gg4-xtn1-3ba9

Vulnerability Instance