Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/87950?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87950?format=api", "vulnerability_id": "VCID-6maj-yfz2-p7h3", "summary": "kernel: create_elf_tables can leave urandom in a bad state", "aliases": [ { "alias": "CVE-2009-4141" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/127949?format=api", "purl": "pkg:rpm/redhat/kernel@2.6.18-128.14.1?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6maj-yfz2-p7h3" }, { "vulnerability": "VCID-msn3-mmwj-dked" }, { "vulnerability": "VCID-pwta-vnfw-tfhp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kernel@2.6.18-128.14.1%3Farch=el5" }, { "url": "http://public2.vulnerablecode.io/api/packages/128036?format=api", "purl": "pkg:rpm/redhat/kernel@2.6.18-164.11.1?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6maj-yfz2-p7h3" }, { "vulnerability": "VCID-7xqe-cvcu-cqeu" }, { "vulnerability": "VCID-bzck-use4-7ygm" }, { "vulnerability": "VCID-c7vw-3qbq-wubw" }, { "vulnerability": "VCID-d3sv-sfxz-jyg8" }, { "vulnerability": "VCID-djq9-mejy-b7ah" }, { "vulnerability": "VCID-fcjb-4n2a-auh4" }, { "vulnerability": "VCID-h61x-6rtm-w7b3" }, { "vulnerability": "VCID-k6jn-xb74-kyex" }, { "vulnerability": "VCID-mwme-pa6q-q7d4" }, { "vulnerability": "VCID-zha6-q3tu-p7cs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kernel@2.6.18-164.11.1%3Farch=el5" }, { "url": "http://public2.vulnerablecode.io/api/packages/128021?format=api", "purl": "pkg:rpm/redhat/kernel-rt@2.6.24.7-149?arch=el5rt", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ap5-r7r1-nud8" }, { "vulnerability": "VCID-2jb7-c47x-fyh5" }, { "vulnerability": "VCID-6maj-yfz2-p7h3" }, { "vulnerability": "VCID-arhf-b84c-6kb7" }, { "vulnerability": "VCID-g3ad-ywbt-pfcv" }, { "vulnerability": "VCID-msn3-mmwj-dked" }, { "vulnerability": "VCID-nc9h-dj44-j3bj" }, { "vulnerability": "VCID-wcj6-5pu2-n7gx" }, { "vulnerability": "VCID-xbsh-hqkt-duf4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kernel-rt@2.6.24.7-149%3Farch=el5rt" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4141.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28852", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29156", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29035", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28924", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29188", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29253", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29252", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29199", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29226", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29201", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30388", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30433", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30358", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4141" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=547906", "reference_id": "547906", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547906" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/33523.c", "reference_id": "CVE-2009-4141;OSVDB-61687", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/33523.c" }, { "reference_url": "https://www.securityfocus.com/bid/37806/info", "reference_id": "CVE-2009-4141;OSVDB-61687", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/37806/info" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0046", "reference_id": "RHSA-2010:0046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0149", "reference_id": "RHSA-2010:0149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0161", "reference_id": "RHSA-2010:0161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0161" }, { "reference_url": "https://usn.ubuntu.com/894-1/", "reference_id": "USN-894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/894-1/" } ], "weaknesses": [ { "cwe_id": 672, "name": "Operation on a Resource after Expiration or Release", "description": "The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked." }, { "cwe_id": 119, "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." } ], "exploits": [ { "date_added": "2009-12-16", "description": "Linux Kernel < 2.6.28 - 'fasync_helper()' Local Privilege Escalation", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2009-12-16", "exploit_type": "local", "platform": "linux", "source_date_updated": "2014-05-27", "data_source": "Exploit-DB", "source_url": "https://www.securityfocus.com/bid/37806/info" } ], "severity_range_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6maj-yfz2-p7h3" }