{"url":"http://public2.vulnerablecode.io/api/packages/100453?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.32-3?distro=trixie","type":"deb","namespace":"debian","name":"kexec-tools","version":"1:2.0.32-3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74697?format=json","vulnerability_id":"VCID-5s2t-gwaq-zuhp","summary":"The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0267.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0267.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0267","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15568","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15649","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15639","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.156","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15517","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15542","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191575","reference_id":"1191575","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0986","reference_id":"RHSA-2015:0986","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0986"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100451?format=json","purl":"pkg:deb/debian/kexec-tools@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100452?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.20-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100450?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.25-3%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.25-3%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100454?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.29-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.29-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100453?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.32-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.32-3%3Fdistro=trixie"}],"aliases":["CVE-2015-0267"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5s2t-gwaq-zuhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74691?format=json","vulnerability_id":"VCID-bpmy-uq4q-jbdg","summary":"The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3588.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3588.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3588","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37666","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37757","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37731","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37692","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37704","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3588"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=716439","reference_id":"716439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=716439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1532","reference_id":"RHSA-2011:1532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0152","reference_id":"RHSA-2012:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100451?format=json","purl":"pkg:deb/debian/kexec-tools@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100452?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.20-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100450?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.25-3%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.25-3%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100454?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.29-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.29-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100453?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.32-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.32-3%3Fdistro=trixie"}],"aliases":["CVE-2011-3588"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpmy-uq4q-jbdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74696?format=json","vulnerability_id":"VCID-t3ng-rmrw-v7dp","summary":"The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3590","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37666","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37757","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37761","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37731","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37692","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37704","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=716439","reference_id":"716439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=716439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1532","reference_id":"RHSA-2011:1532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0152","reference_id":"RHSA-2012:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100451?format=json","purl":"pkg:deb/debian/kexec-tools@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100452?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.20-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100450?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.25-3%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.25-3%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100454?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.29-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.29-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100453?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.32-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.32-3%3Fdistro=trixie"}],"aliases":["CVE-2011-3590"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t3ng-rmrw-v7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3504?format=json","vulnerability_id":"VCID-y62u-a4ez-vycw","summary":"information disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20269.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20269.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20269","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07322","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07309","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07341","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07297","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07355","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07362","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20269"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1934261","reference_id":"1934261","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1934261"},{"reference_url":"https://security.archlinux.org/AVG-1673","reference_id":"AVG-1673","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4404","reference_id":"RHSA-2021:4404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4404"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100451?format=json","purl":"pkg:deb/debian/kexec-tools@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100452?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.20-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100450?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.25-3%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.25-3%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100454?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.29-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.29-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100453?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.32-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.32-3%3Fdistro=trixie"}],"aliases":["CVE-2021-20269"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y62u-a4ez-vycw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74694?format=json","vulnerability_id":"VCID-zdsc-3jhz-qqfu","summary":"The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3589.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3589.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3589","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31581","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31649","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31614","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31577","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31569","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=716439","reference_id":"716439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=716439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1532","reference_id":"RHSA-2011:1532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0152","reference_id":"RHSA-2012:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100451?format=json","purl":"pkg:deb/debian/kexec-tools@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100452?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.20-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100450?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.25-3%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.25-3%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100454?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.29-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.29-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100453?format=json","purl":"pkg:deb/debian/kexec-tools@1:2.0.32-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.32-3%3Fdistro=trixie"}],"aliases":["CVE-2011-3589"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdsc-3jhz-qqfu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/kexec-tools@1:2.0.32-3%3Fdistro=trixie"}