Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049503?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049503?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4", "type": "deb", "namespace": "debian", "name": "libvncserver", "version": "0.9.11+dfsg-1.3+deb10u4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.9.14+dfsg-1+deb12u1", "latest_non_vulnerable_version": "0.9.15+dfsg-1+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81164?format=api", "vulnerability_id": "VCID-6w3g-x86a-sfbj", "summary": "libvncserver: libvncserver/corre.c allows out-of-bounds access via encodings", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.8441", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84425", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84444", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84468", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84492", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84481", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84503", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84504", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84506", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84533", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84542", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84545", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84561", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84588", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84605", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84602", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84618", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.8465", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860367", "reference_id": "1860367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860367" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14402" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6w3g-x86a-sfbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81317?format=api", "vulnerability_id": "VCID-7taj-t1kg-h3a9", "summary": "libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72395", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72252", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72297", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72306", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72303", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72293", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72321", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72348", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.7231", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72337", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72255", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72265", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73713", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73736", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73743", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73778", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.7376", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73751", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73703", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896739", "reference_id": "1896739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4636-1/", "reference_id": "USN-4636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4636-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-25708" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7taj-t1kg-h3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81163?format=api", "vulnerability_id": "VCID-9eyh-gzse-8qdk", "summary": "libvncserver: libvncserver/scale.c has a pixel_value integer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81711", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81721", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81741", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81768", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81773", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81792", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.8178", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81813", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.8184", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.8185", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81855", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81873", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81893", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81918", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81916", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81932", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81974", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860364", "reference_id": "1860364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860364" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14401" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9eyh-gzse-8qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81157?format=api", "vulnerability_id": "VCID-d3c1-uv78-a7cj", "summary": "libvncserver: libvncserver/rre.c allows out-of-bounds access via encodings", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79907", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79914", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79952", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79961", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79981", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79964", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79984", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79987", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80015", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.8002", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80036", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80049", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80072", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80087", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80084", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.801", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80141", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860337", "reference_id": "1860337", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860337" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14404" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3c1-uv78-a7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81158?format=api", "vulnerability_id": "VCID-dmax-ew5t-4fg4", "summary": "libvncserver: libvncclient/tls_openssl.c has a NULL pointer dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14396.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81513", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81525", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81545", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81572", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81598", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81616", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81617", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81621", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81643", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81652", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81656", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81673", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81694", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81719", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81718", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81735", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81775", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14396" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860340", "reference_id": "1860340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860340" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14396" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmax-ew5t-4fg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84579?format=api", "vulnerability_id": "VCID-dzex-yhec-uydq", "summary": "libvncserver: websocket decoding buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89423", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89457", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89461", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89467", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89463", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89477", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89478", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89475", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91453", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91408", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91406", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91405", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91419", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91435", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91444", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91443", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91462", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18922" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852356", "reference_id": "1852356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852356" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3281", "reference_id": "RHSA-2020:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3385", "reference_id": "RHSA-2020:3385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3456", "reference_id": "RHSA-2020:3456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3588", "reference_id": "RHSA-2020:3588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3588" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2017-18922" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzex-yhec-uydq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81160?format=api", "vulnerability_id": "VCID-j4kf-j3t8-fbfb", "summary": "libvncserver: an improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84576", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8459", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84613", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84634", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84641", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84659", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84654", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84649", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8467", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84671", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84699", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84709", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8471", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84724", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8475", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84767", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84763", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84778", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8481", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860348", "reference_id": "1860348", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860348" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14398" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4kf-j3t8-fbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81161?format=api", "vulnerability_id": "VCID-kzk2-vaa2-6bfa", "summary": "libvncserver: byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85402", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85176", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85187", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85236", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85249", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85245", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85265", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85267", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85266", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85289", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85298", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85297", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85311", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85338", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85357", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85351", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85364", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860354", "reference_id": "1860354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860354" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14399" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzk2-vaa2-6bfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81156?format=api", "vulnerability_id": "VCID-nxh7-7s8e-g3ec", "summary": "libvncserver: libvncserver/hextile.c allows out-of-bounds access via encodings", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78107", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78116", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78128", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78161", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78165", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78198", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78192", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78224", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.7823", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78244", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78258", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78284", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78301", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78296", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78313", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78352", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860334", "reference_id": "1860334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860334" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14403" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxh7-7s8e-g3ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81153?format=api", "vulnerability_id": "VCID-q3t7-3yq6-gkan", "summary": "libvncserver: unaligned accesses in hybiReadAndDecode can lead to a crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83745", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83791", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83785", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83781", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83814", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83815", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83841", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83849", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83854", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83876", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83897", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83914", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83913", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83929", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83964", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849881", "reference_id": "1849881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849881" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-20840" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3t7-3yq6-gkan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81891?format=api", "vulnerability_id": "VCID-q4eg-8ph7-nfer", "summary": "libvncserver: information disclosure and ASLR bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15681.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15681.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90805", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90823", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90833", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90845", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90851", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.9086", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90857", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90879", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90878", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90891", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.9089", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90888", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90904", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90921", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90934", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90931", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.9094", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90951", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854761", "reference_id": "1854761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793", "reference_id": "943793", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784", "reference_id": "945784", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-15681" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4eg-8ph7-nfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81716?format=api", "vulnerability_id": "VCID-qde7-y8q2-2bgq", "summary": "libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88864", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88872", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.89008", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88986", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88979", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88989", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.8889", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88909", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88914", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88925", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.8892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88934", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88932", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88928", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88945", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88952", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88959", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88975", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811948", "reference_id": "1811948", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811948" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163", "reference_id": "954163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163" }, { "reference_url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/", "reference_id": "klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-24T18:22:46Z/" } ], "url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0913", "reference_id": "RHSA-2020:0913", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0920", "reference_id": "RHSA-2020:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0921", "reference_id": "RHSA-2020:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0921" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-15690" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qde7-y8q2-2bgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81159?format=api", "vulnerability_id": "VCID-qfyp-1xhm-13au", "summary": "libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14397.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14397.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14397", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.88996", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89004", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.8902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89022", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89039", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89045", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89057", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89052", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.8905", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89064", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89063", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89059", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89077", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89084", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89087", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89095", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.8911", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89121", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89117", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89126", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89143", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860344", "reference_id": "1860344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14397" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfyp-1xhm-13au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81152?format=api", "vulnerability_id": "VCID-sgkq-a36z-gyfp", "summary": "libvncserver: buffer overflow in ConnectClientToUnixSock()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88505", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88513", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.8853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88553", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88557", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88569", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88575", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88571", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88585", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88591", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88589", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88601", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88617", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.8863", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88627", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88639", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88667", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849877", "reference_id": "1849877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-20839" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgkq-a36z-gyfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81857?format=api", "vulnerability_id": "VCID-tj14-ykx8-qqgn", "summary": "libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20788.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74141", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73929", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73964", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73935", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73969", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74006", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73988", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73979", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74019", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74028", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.7402", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74052", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74061", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.7406", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74078", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.741", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74085", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829870", "reference_id": "1829870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829870" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163", "reference_id": "954163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0913", "reference_id": "RHSA-2020:0913", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0920", "reference_id": "RHSA-2020:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0921", "reference_id": "RHSA-2020:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0921" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-20788" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tj14-ykx8-qqgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79074?format=api", "vulnerability_id": "VCID-tnzy-mktx-e7fm", "summary": "libvncserver: a memory leak via the function rfbClientCleanup() may lead to a DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29260.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29260.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46493", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.465", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46578", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4655", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46559", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46615", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46613", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46541", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46552", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46501", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46406", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46471", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46491", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46434", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46467", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46537", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29260" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228", "reference_id": "1019228", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124164", "reference_id": "2124164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-29260" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnzy-mktx-e7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81155?format=api", "vulnerability_id": "VCID-wzpf-4nu7-xyc6", "summary": "libvncserver: libvncclient/rfbproto.c does not limit TextChat size", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80698", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80708", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80761", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80778", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80792", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80793", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80817", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80821", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80835", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80852", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80874", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80897", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80891", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80909", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80952", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860325", "reference_id": "1860325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14405" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzpf-4nu7-xyc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81162?format=api", "vulnerability_id": "VCID-x78k-5wm4-kkaj", "summary": "libvncserver: byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85436", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85211", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85223", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85241", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85244", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85266", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85274", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85304", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85305", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85301", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85323", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85333", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85332", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85346", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85372", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.8539", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85385", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85398", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860361", "reference_id": "1860361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860361" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14400" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x78k-5wm4-kkaj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82899?format=api", "vulnerability_id": "VCID-p9tk-fn6b-cbbv", "summary": "libvncserver: Multiple heap out-of-bound writes in VNC client code (Incomplete fix for CVE-2018-20019)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20748.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20748.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93246", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93254", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93267", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93273", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93292", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93297", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93304", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.9331", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93307", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93302", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93308", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93322", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93331", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93339", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.10572", "scoring_system": "epss", "scoring_elements": "0.93353", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671407", "reference_id": "1671407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671407" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941", "reference_id": "920941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049503?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w3g-x86a-sfbj" }, { "vulnerability": "VCID-7taj-t1kg-h3a9" }, { "vulnerability": "VCID-9eyh-gzse-8qdk" }, { "vulnerability": "VCID-d3c1-uv78-a7cj" }, { "vulnerability": "VCID-dmax-ew5t-4fg4" }, { "vulnerability": "VCID-dzex-yhec-uydq" }, { "vulnerability": "VCID-j4kf-j3t8-fbfb" }, { "vulnerability": "VCID-kzk2-vaa2-6bfa" }, { "vulnerability": "VCID-nxh7-7s8e-g3ec" }, { "vulnerability": "VCID-q3t7-3yq6-gkan" }, { "vulnerability": "VCID-q4eg-8ph7-nfer" }, { "vulnerability": "VCID-qde7-y8q2-2bgq" }, { "vulnerability": "VCID-qfyp-1xhm-13au" }, { "vulnerability": "VCID-sgkq-a36z-gyfp" }, { "vulnerability": "VCID-tj14-ykx8-qqgn" }, { "vulnerability": "VCID-tnzy-mktx-e7fm" }, { "vulnerability": "VCID-wzpf-4nu7-xyc6" }, { "vulnerability": "VCID-x78k-5wm4-kkaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-20748" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9tk-fn6b-cbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82898?format=api", "vulnerability_id": "VCID-qukp-tx5e-6yhe", "summary": "libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution (Incomplete fix for CVE-2018-15127)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.89081", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.89035", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.8905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.89061", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.89056", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.04387", "scoring_system": "epss", "scoring_elements": "0.89065", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93196", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93205", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93202", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93204", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93219", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93224", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93232", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93237", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93235", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93231", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93175", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.932", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93185", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93189", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93187", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671405", "reference_id": "1671405", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671405" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941", "reference_id": "920941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049503?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w3g-x86a-sfbj" }, { "vulnerability": "VCID-7taj-t1kg-h3a9" }, { "vulnerability": "VCID-9eyh-gzse-8qdk" }, { "vulnerability": "VCID-d3c1-uv78-a7cj" }, { "vulnerability": "VCID-dmax-ew5t-4fg4" }, { "vulnerability": "VCID-dzex-yhec-uydq" }, { "vulnerability": "VCID-j4kf-j3t8-fbfb" }, { "vulnerability": "VCID-kzk2-vaa2-6bfa" }, { "vulnerability": "VCID-nxh7-7s8e-g3ec" }, { "vulnerability": "VCID-q3t7-3yq6-gkan" }, { "vulnerability": "VCID-q4eg-8ph7-nfer" }, { "vulnerability": "VCID-qde7-y8q2-2bgq" }, { "vulnerability": "VCID-qfyp-1xhm-13au" }, { "vulnerability": "VCID-sgkq-a36z-gyfp" }, { "vulnerability": "VCID-tj14-ykx8-qqgn" }, { "vulnerability": "VCID-tnzy-mktx-e7fm" }, { "vulnerability": "VCID-wzpf-4nu7-xyc6" }, { "vulnerability": "VCID-x78k-5wm4-kkaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-20750" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qukp-tx5e-6yhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82897?format=api", "vulnerability_id": "VCID-v7mt-jtes-h3bz", "summary": "libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution (Incomplete fix for CVE-2018-15127)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93175", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93185", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93189", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93187", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93196", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.932", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93205", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93202", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93204", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93219", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93224", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93232", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93237", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93235", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93231", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93238", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93252", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93261", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93262", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93269", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.10369", "scoring_system": "epss", "scoring_elements": "0.93284", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20749" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671403", "reference_id": "1671403", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671403" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941", "reference_id": "920941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941" }, { "reference_url": "https://usn.ubuntu.com/3877-1/", "reference_id": "USN-3877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3877-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049503?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6w3g-x86a-sfbj" }, { "vulnerability": "VCID-7taj-t1kg-h3a9" }, { "vulnerability": "VCID-9eyh-gzse-8qdk" }, { "vulnerability": "VCID-d3c1-uv78-a7cj" }, { "vulnerability": "VCID-dmax-ew5t-4fg4" }, { "vulnerability": "VCID-dzex-yhec-uydq" }, { "vulnerability": "VCID-j4kf-j3t8-fbfb" }, { "vulnerability": "VCID-kzk2-vaa2-6bfa" }, { "vulnerability": "VCID-nxh7-7s8e-g3ec" }, { "vulnerability": "VCID-q3t7-3yq6-gkan" }, { "vulnerability": "VCID-q4eg-8ph7-nfer" }, { "vulnerability": "VCID-qde7-y8q2-2bgq" }, { "vulnerability": "VCID-qfyp-1xhm-13au" }, { "vulnerability": "VCID-sgkq-a36z-gyfp" }, { "vulnerability": "VCID-tj14-ykx8-qqgn" }, { "vulnerability": "VCID-tnzy-mktx-e7fm" }, { "vulnerability": "VCID-wzpf-4nu7-xyc6" }, { "vulnerability": "VCID-x78k-5wm4-kkaj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-20749" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7mt-jtes-h3bz" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%252Bdeb10u4" }