{"url":"http://public2.vulnerablecode.io/api/packages/100918?format=json","purl":"pkg:deb/debian/python-keyring@25.7.0-1?distro=trixie","type":"deb","namespace":"debian","name":"python-keyring","version":"25.7.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.9.2-1","latest_non_vulnerable_version":"25.7.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202473?format=json","vulnerability_id":"VCID-fz1p-zhvh-s7ay","summary":"Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.","references":[{"reference_url":"http://pypi.python.org/pypi/keyring","reference_id":"","reference_type":"","scores":[],"url":"http://pypi.python.org/pypi/keyring"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4571"},{"reference_url":"https://github.com/advisories/GHSA-p3h7-3c45-qj4v","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p3h7-3c45-qj4v"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/10/31/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/10/31/8"},{"reference_url":"http://www.ubuntu.com/usn/USN-1634-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1634-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675379","reference_id":"675379","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675379"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100916?format=json","purl":"pkg:deb/debian/python-keyring@0.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@0.9.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100917?format=json","purl":"pkg:deb/debian/python-keyring@22.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@22.0.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100915?format=json","purl":"pkg:deb/debian/python-keyring@23.9.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@23.9.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100919?format=json","purl":"pkg:deb/debian/python-keyring@25.6.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@25.6.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100918?format=json","purl":"pkg:deb/debian/python-keyring@25.7.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@25.7.0-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4571","GHSA-p3h7-3c45-qj4v","PYSEC-2012-8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz1p-zhvh-s7ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202517?format=json","vulnerability_id":"VCID-m1q9-dkze-rqh4","summary":"Python keyring has insecure permissions on new databases allowing world-readable files to be created","references":[{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5578","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5578"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5578","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5578"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5578","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5578"},{"reference_url":"https://github.com/jaraco/keyring/blob/master/CHANGES.rst#010","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jaraco/keyring/blob/master/CHANGES.rst#010"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2019-182.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2019-182.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/27/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/27/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696736","reference_id":"696736","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696736"},{"reference_url":"https://access.redhat.com/security/cve/cve-2012-5578","reference_id":"CVE-2012-5578","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/cve-2012-5578"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5578","reference_id":"CVE-2012-5578","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5578"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2012-5578","reference_id":"CVE-2012-5578","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2012-5578"},{"reference_url":"https://github.com/advisories/GHSA-8867-vpm3-g98g","reference_id":"GHSA-8867-vpm3-g98g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8867-vpm3-g98g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100920?format=json","purl":"pkg:deb/debian/python-keyring@0.9.2-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@0.9.2-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100917?format=json","purl":"pkg:deb/debian/python-keyring@22.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@22.0.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100915?format=json","purl":"pkg:deb/debian/python-keyring@23.9.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@23.9.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100919?format=json","purl":"pkg:deb/debian/python-keyring@25.6.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@25.6.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100918?format=json","purl":"pkg:deb/debian/python-keyring@25.7.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@25.7.0-1%3Fdistro=trixie"}],"aliases":["CVE-2012-5578","GHSA-8867-vpm3-g98g","PYSEC-2019-182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1q9-dkze-rqh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202516?format=json","vulnerability_id":"VCID-r4cz-6k4m-73ee","summary":"Python keyring lib before 0.10 created keyring files with world-readable permissions.","references":[{"reference_url":"https://bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1","reference_id":"","reference_type":"","scores":[],"url":"https://bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1"},{"reference_url":"https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg","reference_id":"","reference_type":"","scores":[],"url":"https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5577"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2019-181.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2019-181.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/27/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/11/27/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696736","reference_id":"696736","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696736"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5577","reference_id":"CVE-2012-5577","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5577"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2012-5577","reference_id":"CVE-2012-5577","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2012-5577"},{"reference_url":"https://github.com/advisories/GHSA-p86x-652p-6385","reference_id":"GHSA-p86x-652p-6385","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p86x-652p-6385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100920?format=json","purl":"pkg:deb/debian/python-keyring@0.9.2-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@0.9.2-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100917?format=json","purl":"pkg:deb/debian/python-keyring@22.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@22.0.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100915?format=json","purl":"pkg:deb/debian/python-keyring@23.9.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@23.9.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100919?format=json","purl":"pkg:deb/debian/python-keyring@25.6.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@25.6.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100918?format=json","purl":"pkg:deb/debian/python-keyring@25.7.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@25.7.0-1%3Fdistro=trixie"}],"aliases":["CVE-2012-5577","GHSA-p86x-652p-6385","PYSEC-2019-181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4cz-6k4m-73ee"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-keyring@25.7.0-1%3Fdistro=trixie"}