Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ahbf-gwnw-nufp
Summary
Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
Aliases
0
alias CVE-2017-16539
1
alias GHSA-vfjc-2qcw-j95j
Fixed_packages
0
url pkg:deb/debian/docker.io@1.13.1~ds3-1?distro=trixie
purl pkg:deb/debian/docker.io@1.13.1~ds3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.13.1~ds3-1%3Fdistro=trixie
1
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
2
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sky-21r5-3qcu
1
vulnerability VCID-6tg9-3vhh-muae
2
vulnerability VCID-8e1u-z6kg-ryhc
3
vulnerability VCID-avqu-wswg-c3ga
4
vulnerability VCID-b2qe-8u58-2qck
5
vulnerability VCID-bzeb-kj67-vfds
6
vulnerability VCID-e82r-vc77-f7bz
7
vulnerability VCID-njcw-wc13-dqcz
8
vulnerability VCID-quyf-eq2s-dbda
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie
3
url pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sky-21r5-3qcu
1
vulnerability VCID-6tg9-3vhh-muae
2
vulnerability VCID-8e1u-z6kg-ryhc
3
vulnerability VCID-b2qe-8u58-2qck
4
vulnerability VCID-njcw-wc13-dqcz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie
purl pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie
5
url pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie
purl pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/docker.io@1.6.2~dfsg1-1~bpo8%2B1
purl pkg:deb/debian/docker.io@1.6.2~dfsg1-1~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-165g-hgmx-nybk
1
vulnerability VCID-3eju-5upk-auhy
2
vulnerability VCID-41ft-14gt-bbbq
3
vulnerability VCID-43es-2d6x-jba8
4
vulnerability VCID-6vru-hsfs-rufg
5
vulnerability VCID-ahbf-gwnw-nufp
6
vulnerability VCID-bhju-575k-ebh3
7
vulnerability VCID-e6sp-khpk-r3d8
8
vulnerability VCID-e9ng-x516-53cf
9
vulnerability VCID-eb24-pguf-ryg1
10
vulnerability VCID-f6d3-yyvz-xqgs
11
vulnerability VCID-gbw6-3a59-mbhu
12
vulnerability VCID-gund-83cy-9fap
13
vulnerability VCID-h83p-v26k-s7fa
14
vulnerability VCID-pevy-d197-zydv
15
vulnerability VCID-qwqe-27yu-8kds
16
vulnerability VCID-sh5d-p485-6qh4
17
vulnerability VCID-su25-rgw1-xkg6
18
vulnerability VCID-u44m-mgza-nfcx
19
vulnerability VCID-uckr-kzdf-7ydj
20
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.2~dfsg1-1~bpo8%252B1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16539
reference_id
reference_type
scores
0
value 0.00444
scoring_system epss
scoring_elements 0.63406
published_at 2026-04-21T12:55:00Z
1
value 0.00444
scoring_system epss
scoring_elements 0.63427
published_at 2026-04-18T12:55:00Z
2
value 0.00444
scoring_system epss
scoring_elements 0.6342
published_at 2026-04-16T12:55:00Z
3
value 0.00444
scoring_system epss
scoring_elements 0.63385
published_at 2026-04-13T12:55:00Z
4
value 0.00444
scoring_system epss
scoring_elements 0.63438
published_at 2026-04-11T12:55:00Z
5
value 0.00444
scoring_system epss
scoring_elements 0.63421
published_at 2026-04-12T12:55:00Z
6
value 0.00444
scoring_system epss
scoring_elements 0.63403
published_at 2026-04-08T12:55:00Z
7
value 0.00444
scoring_system epss
scoring_elements 0.63351
published_at 2026-04-07T12:55:00Z
8
value 0.00444
scoring_system epss
scoring_elements 0.63386
published_at 2026-04-04T12:55:00Z
9
value 0.00444
scoring_system epss
scoring_elements 0.63359
published_at 2026-04-02T12:55:00Z
10
value 0.00444
scoring_system epss
scoring_elements 0.63298
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16539
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:P/A:P
1
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
5
reference_url https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
6
reference_url https://github.com/moby/moby/pull/35399
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://github.com/moby/moby/pull/35399
7
reference_url https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
8
reference_url https://marc.info/?l=linux-scsi&m=150985062200941&w=2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://marc.info/?l=linux-scsi&m=150985062200941&w=2
9
reference_url https://marc.info/?l=linux-scsi&m=150985455801444&w=2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://marc.info/?l=linux-scsi&m=150985455801444&w=2
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16539
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16539
11
reference_url https://twitter.com/ewindisch/status/926443521820774401
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://twitter.com/ewindisch/status/926443521820774401
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1516205
reference_id 1516205
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1516205
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140
reference_id 900140
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score3.6 - 7.5
Exploitability0.5
Weighted_severity6.8
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ahbf-gwnw-nufp