Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1051607?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "type": "deb", "namespace": "debian", "name": "libvncserver", "version": "0.9.13+dfsg-2+deb11u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.9.14+dfsg-1+deb12u1", "latest_non_vulnerable_version": "0.9.15+dfsg-1+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64118?format=api", "vulnerability_id": "VCID-81pq-5gvp-zfgw", "summary": "LibVNCServer: LibVNCServer: Denial of Service via specially crafted HTTP requests", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32854.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32854.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01368", "scoring_system": "epss", "scoring_elements": "0.8024", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01368", "scoring_system": "epss", "scoring_elements": "0.80266", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01577", "scoring_system": "epss", "scoring_elements": "0.81637", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01577", "scoring_system": "epss", "scoring_elements": "0.81633", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.826", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.82555", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.8257", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.82566", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.82592", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.82618", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.82612", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.82607", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.82644", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01761", "scoring_system": "epss", "scoring_elements": "0.82645", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02731", "scoring_system": "epss", "scoring_elements": "0.86018", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02731", "scoring_system": "epss", "scoring_elements": "0.86041", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32854" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132017", "reference_id": "1132017", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450845", "reference_id": "2450845", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450845" }, { "reference_url": "https://github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314", "reference_id": "dc78dee51a7e270e537a541a17befdf2073f5314", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T03:52:09Z/" } ], "url": "https://github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314" }, { "reference_url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x", "reference_id": "GHSA-xjp8-4qqv-5x4x", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T03:52:09Z/" } ], "url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x" }, { "reference_url": "https://www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference", "reference_id": "libvncserver-httpd-proxy-null-pointer-dereference", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T03:52:09Z/" } ], "url": "https://www.vulncheck.com/advisories/libvncserver-httpd-proxy-null-pointer-dereference" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1089449?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1072957?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055163?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-3" } ], "aliases": [ "CVE-2026-32854" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81pq-5gvp-zfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64119?format=api", "vulnerability_id": "VCID-aphg-42c4-9yct", "summary": "LibVNCServer: LibVNCServer: Information disclosure or Denial of Service via heap out-of-bounds read in UltraZip encoding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32853.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32853.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12237", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12212", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1208", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12161", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12221", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12184", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12018", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12015", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12129", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1211", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13184", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13287", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18186", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18271", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32853" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3dbc931", "reference_id": "009008e2f4d5a54dd71f422070df3af7b3dbc931", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:41:12Z/" } ], "url": "https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3dbc931" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132016", "reference_id": "1132016", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450843", "reference_id": "2450843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450843" }, { "reference_url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcj", "reference_id": "GHSA-87q7-v983-qwcj", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:41:12Z/" } ], "url": "https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcj" }, { "reference_url": "https://www.vulncheck.com/advisories/libvncserver-ultrazip-encoding-heap-out-of-bounds-read", "reference_id": "libvncserver-ultrazip-encoding-heap-out-of-bounds-read", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T13:41:12Z/" } ], "url": "https://www.vulncheck.com/advisories/libvncserver-ultrazip-encoding-heap-out-of-bounds-read" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1089449?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.14%2Bdfsg-1%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.14%252Bdfsg-1%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1072957?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-1%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-1%252Bdeb13u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1055163?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.15%2Bdfsg-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.15%252Bdfsg-3" } ], "aliases": [ "CVE-2026-32853" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aphg-42c4-9yct" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81164?format=api", "vulnerability_id": "VCID-6w3g-x86a-sfbj", "summary": "libvncserver: libvncserver/corre.c allows out-of-bounds access via encodings", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.8441", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84425", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84444", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84468", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84492", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84481", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84503", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84504", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84506", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84533", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84542", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84545", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84561", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02216", "scoring_system": "epss", "scoring_elements": "0.84588", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860367", "reference_id": "1860367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860367" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14402" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6w3g-x86a-sfbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81317?format=api", "vulnerability_id": "VCID-7taj-t1kg-h3a9", "summary": "libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25708", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72321", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72255", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72265", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72252", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72297", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72306", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72303", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72293", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73751", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73703", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73713", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73736", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73743", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.73778", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.7376", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25708" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896739", "reference_id": "1896739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4636-1/", "reference_id": "USN-4636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4636-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-25708" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7taj-t1kg-h3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81163?format=api", "vulnerability_id": "VCID-9eyh-gzse-8qdk", "summary": "libvncserver: libvncserver/scale.c has a pixel_value integer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81711", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81721", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81745", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81741", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81768", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81773", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81792", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.8178", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81813", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.8184", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.8185", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81855", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81873", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01613", "scoring_system": "epss", "scoring_elements": "0.81893", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860364", "reference_id": "1860364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860364" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14401" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9eyh-gzse-8qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81157?format=api", "vulnerability_id": "VCID-d3c1-uv78-a7cj", "summary": "libvncserver: libvncserver/rre.c allows out-of-bounds access via encodings", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79907", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79914", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79952", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79961", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79981", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79964", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79956", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79984", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.79987", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80015", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.8002", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80036", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80049", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01332", "scoring_system": "epss", "scoring_elements": "0.80072", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860337", "reference_id": "1860337", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860337" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14404" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3c1-uv78-a7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81158?format=api", "vulnerability_id": "VCID-dmax-ew5t-4fg4", "summary": "libvncserver: libvncclient/tls_openssl.c has a NULL pointer dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14396.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81513", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81525", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81545", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81572", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81598", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81616", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81617", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81621", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81643", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81652", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81656", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81673", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01582", "scoring_system": "epss", "scoring_elements": "0.81694", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14396" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860340", "reference_id": "1860340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860340" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14396" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmax-ew5t-4fg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84579?format=api", "vulnerability_id": "VCID-dzex-yhec-uydq", "summary": "libvncserver: websocket decoding buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89423", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89457", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89461", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89467", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89463", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89477", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89478", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04777", "scoring_system": "epss", "scoring_elements": "0.89475", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91435", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91408", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91406", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91405", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06869", "scoring_system": "epss", "scoring_elements": "0.91419", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18922" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852356", "reference_id": "1852356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852356" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3281", "reference_id": "RHSA-2020:3281", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3385", "reference_id": "RHSA-2020:3385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3456", "reference_id": "RHSA-2020:3456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3588", "reference_id": "RHSA-2020:3588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3588" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2017-18922" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzex-yhec-uydq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81160?format=api", "vulnerability_id": "VCID-j4kf-j3t8-fbfb", "summary": "libvncserver: an improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84576", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8459", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84613", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84634", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84641", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84659", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84654", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84649", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8467", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84671", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84699", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84709", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8471", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.84724", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02271", "scoring_system": "epss", "scoring_elements": "0.8475", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860348", "reference_id": "1860348", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860348" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14398" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4kf-j3t8-fbfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81161?format=api", "vulnerability_id": "VCID-kzk2-vaa2-6bfa", "summary": "libvncserver: byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85338", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85176", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85187", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85205", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85236", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85251", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85249", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85245", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85265", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85267", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85266", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85289", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85298", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85297", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02462", "scoring_system": "epss", "scoring_elements": "0.85311", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860354", "reference_id": "1860354", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860354" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14399" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzk2-vaa2-6bfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81156?format=api", "vulnerability_id": "VCID-nxh7-7s8e-g3ec", "summary": "libvncserver: libvncserver/hextile.c allows out-of-bounds access via encodings", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78107", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78116", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78128", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78161", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78165", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78198", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78192", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78224", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.7823", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78244", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78258", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01113", "scoring_system": "epss", "scoring_elements": "0.78284", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860334", "reference_id": "1860334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860334" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14403" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxh7-7s8e-g3ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81153?format=api", "vulnerability_id": "VCID-q3t7-3yq6-gkan", "summary": "libvncserver: unaligned accesses in hybiReadAndDecode can lead to a crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83742", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83745", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83791", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83785", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83781", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83814", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83815", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83841", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83849", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83854", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83876", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02026", "scoring_system": "epss", "scoring_elements": "0.83897", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849881", "reference_id": "1849881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849881" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-20840" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3t7-3yq6-gkan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81891?format=api", "vulnerability_id": "VCID-q4eg-8ph7-nfer", "summary": "libvncserver: information disclosure and ASLR bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15681.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15681.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90805", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90823", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90833", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90845", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90851", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.9086", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90857", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90879", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90878", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90891", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.9089", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90888", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90904", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.06191", "scoring_system": "epss", "scoring_elements": "0.90921", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854761", "reference_id": "1854761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854761" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793", "reference_id": "943793", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784", "reference_id": "945784", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" }, { "reference_url": "https://usn.ubuntu.com/4547-1/", "reference_id": "USN-4547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4547-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" }, { "reference_url": "https://usn.ubuntu.com/4587-1/", "reference_id": "USN-4587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-15681" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4eg-8ph7-nfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81716?format=api", "vulnerability_id": "VCID-qde7-y8q2-2bgq", "summary": "libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88864", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88872", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88975", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88945", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88952", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88959", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.8889", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88909", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88914", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88925", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.8892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88934", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88932", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.88928", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811948", "reference_id": "1811948", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811948" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163", "reference_id": "954163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163" }, { "reference_url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/", "reference_id": "klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-24T18:22:46Z/" } ], "url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0913", "reference_id": "RHSA-2020:0913", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0920", "reference_id": "RHSA-2020:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0921", "reference_id": "RHSA-2020:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0921" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-15690" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qde7-y8q2-2bgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81159?format=api", "vulnerability_id": "VCID-qfyp-1xhm-13au", "summary": "libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14397.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14397.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14397", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.88996", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89004", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.8902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89022", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89039", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89045", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89057", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89052", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.8905", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89064", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89063", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89059", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89077", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89084", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89087", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.89095", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04438", "scoring_system": "epss", "scoring_elements": "0.8911", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860344", "reference_id": "1860344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" }, { "reference_url": "https://usn.ubuntu.com/4573-1/", "reference_id": "USN-4573-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4573-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14397" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfyp-1xhm-13au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81152?format=api", "vulnerability_id": "VCID-sgkq-a36z-gyfp", "summary": "libvncserver: buffer overflow in ConnectClientToUnixSock()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88505", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88513", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.8853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88553", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88557", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88569", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88575", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88571", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88585", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88591", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88589", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88601", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04081", "scoring_system": "epss", "scoring_elements": "0.88617", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849877", "reference_id": "1849877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-20839" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgkq-a36z-gyfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81857?format=api", "vulnerability_id": "VCID-tj14-ykx8-qqgn", "summary": "libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20788.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74078", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73929", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73964", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73935", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73969", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74006", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73988", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.73979", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74019", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74028", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.7402", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74052", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74061", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.7406", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829870", "reference_id": "1829870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829870" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163", "reference_id": "954163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0913", "reference_id": "RHSA-2020:0913", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0920", "reference_id": "RHSA-2020:0920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0921", "reference_id": "RHSA-2020:0921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0921" }, { "reference_url": "https://usn.ubuntu.com/4407-1/", "reference_id": "USN-4407-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4407-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-20788" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tj14-ykx8-qqgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79074?format=api", "vulnerability_id": "VCID-tnzy-mktx-e7fm", "summary": "libvncserver: a memory leak via the function rfbClientCleanup() may lead to a DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29260.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29260.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46493", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46531", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.465", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46578", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.4655", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46559", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46615", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46613", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46541", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46552", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46501", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46406", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46471", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29260" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228", "reference_id": "1019228", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124164", "reference_id": "2124164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124164" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-29260" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnzy-mktx-e7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81155?format=api", "vulnerability_id": "VCID-wzpf-4nu7-xyc6", "summary": "libvncserver: libvncclient/rfbproto.c does not limit TextChat size", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80698", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80708", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80761", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80778", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80792", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80793", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80817", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80821", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80835", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80852", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.80874", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860325", "reference_id": "1860325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1811", "reference_id": "RHSA-2021:1811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1811" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14405" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzpf-4nu7-xyc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81162?format=api", "vulnerability_id": "VCID-x78k-5wm4-kkaj", "summary": "libvncserver: byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85372", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85211", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85223", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85241", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85244", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85266", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85274", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85304", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85305", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85301", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85323", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85333", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85332", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02477", "scoring_system": "epss", "scoring_elements": "0.85346", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860361", "reference_id": "1860361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860361" }, { "reference_url": "https://usn.ubuntu.com/4434-1/", "reference_id": "USN-4434-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4434-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051607?format=api", "purl": "pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-81pq-5gvp-zfgw" }, { "vulnerability": "VCID-aphg-42c4-9yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-14400" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x78k-5wm4-kkaj" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1" }