{"url":"http://public2.vulnerablecode.io/api/packages/107005?format=json","purl":"pkg:rpm/redhat/tfm-rubygem-hammer_cli_foreman@0.11.0.5-1?arch=el7sat","type":"rpm","namespace":"redhat","name":"tfm-rubygem-hammer_cli_foreman","version":"0.11.0.5-1","qualifiers":{"arch":"el7sat"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84374?format=json","vulnerability_id":"VCID-18aq-72zg-3uc9","summary":"puppet: Unsafe YAML deserialization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2295","reference_id":"","reference_type":"","scores":[{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.8313","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83197","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83201","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83147","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83159","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83184","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83191","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:C"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452651","reference_id":"1452651","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212","reference_id":"863212","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212"},{"reference_url":"https://usn.ubuntu.com/3308-1/","reference_id":"USN-3308-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3308-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4804-1/","reference_id":"USN-USN-4804-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4804-1/"}],"fixed_packages":[],"aliases":["CVE-2017-2295"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18aq-72zg-3uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84050?format=json","vulnerability_id":"VCID-1fgf-s31g-pfac","summary":"foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8183","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36001","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36066","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36027","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36121","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36151","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35986","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36036","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36059","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8183"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480886","reference_id":"1480886","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480886"}],"fixed_packages":[],"aliases":["CVE-2014-8183"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fgf-s31g-pfac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85119?format=json","vulnerability_id":"VCID-3j8j-qks5-m3ew","summary":"foreman: privilege escalation through Organization and Locations API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4451","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34243","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34583","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3461","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34477","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3452","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34488","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1339889","reference_id":"1339889","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1339889"}],"fixed_packages":[],"aliases":["CVE-2016-4451"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3j8j-qks5-m3ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84835?format=json","vulnerability_id":"VCID-4d6e-mx3k-yqgk","summary":"foreman: Information leak through organizations and locations feature","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7078","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54559","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54653","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54623","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54675","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54671","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54684","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54667","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54646","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7078"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386244","reference_id":"1386244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386244"}],"fixed_packages":[],"aliases":["CVE-2016-7078"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4d6e-mx3k-yqgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84821?format=json","vulnerability_id":"VCID-6bhb-kgf4-abe7","summary":"foreman: Stored XSS vulnerability in remote execution plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8613","reference_id":"","reference_type":"","scores":[{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72779","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72786","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72806","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72821","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72859","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72843","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8613"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387232","reference_id":"1387232","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387232"}],"fixed_packages":[],"aliases":["CVE-2016-8613"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bhb-kgf4-abe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7396?format=json","vulnerability_id":"VCID-6hub-g2ja-afaw","summary":"Information disclosure vulnerability\nsafemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.","references":[{"reference_url":"http://projects.theforeman.org/issues/14635","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.theforeman.org/issues/14635"},{"reference_url":"http://rubysec.com/advisories/CVE-2016-3693","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rubysec.com/advisories/CVE-2016-3693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3693","reference_id":"","reference_type":"","scores":[{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72627","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72645","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72621","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72609","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.7257","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72577","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72571","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3693"},{"reference_url":"http://seclists.org/oss-sec/2016/q2/119","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2016/q2/119"},{"reference_url":"https://github.com/svenfuchs/safemode","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/svenfuchs/safemode"},{"reference_url":"https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f"},{"reference_url":"https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2"},{"reference_url":"http://theforeman.org/security.html#2016-3693","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://theforeman.org/security.html#2016-3693"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/20/8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/04/20/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1327471","reference_id":"1327471","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1327471"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*","reference_id":"cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:safemode_project:safemode:*:*:*:*:*:ruby:*:*"},{"reference_url":"http://rubysec.com/advisories/CVE-2016-3693/","reference_id":"CVE-2016-3693","reference_type":"","scores":[],"url":"http://rubysec.com/advisories/CVE-2016-3693/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3693","reference_id":"CVE-2016-3693","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3693"},{"reference_url":"https://github.com/advisories/GHSA-c92m-rrrc-q5wf","reference_id":"GHSA-c92m-rrrc-q5wf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c92m-rrrc-q5wf"}],"fixed_packages":[],"aliases":["CVE-2016-3693","GHSA-c92m-rrrc-q5wf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hub-g2ja-afaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84672?format=json","vulnerability_id":"VCID-6jdw-pp1b-1qan","summary":"katello-debug: Possible symlink attacks due to use of predictable file names","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9595","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12806","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12904","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12954","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12756","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12836","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12887","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12853","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12815","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1277","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406729","reference_id":"1406729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406729"}],"fixed_packages":[],"aliases":["CVE-2016-9595"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jdw-pp1b-1qan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85226?format=json","vulnerability_id":"VCID-7zj1-ye9x-cueu","summary":"pulp: Leakage of CA key in pulp-qpid-ssl-cfg","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3696","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16633","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16806","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16863","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16648","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16732","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16786","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16766","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16723","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16666","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3696"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1328930","reference_id":"1328930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1328930"}],"fixed_packages":[],"aliases":["CVE-2016-3696"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zj1-ye9x-cueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84472?format=json","vulnerability_id":"VCID-8fnw-r4f3-xqcg","summary":"foreman: Image password leak","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2672","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38794","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38893","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38945","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38956","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3892","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38927","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38949","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38879","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38931","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2672"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2672"},{"reference_url":"https://projects.theforeman.org/issues/19169","reference_id":"","reference_type":"","scores":[],"url":"https://projects.theforeman.org/issues/19169"},{"reference_url":"http://www.securityfocus.com/bid/97526","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439537","reference_id":"1439537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2672","reference_id":"CVE-2017-2672","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2672"}],"fixed_packages":[],"aliases":["CVE-2017-2672"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fnw-r4f3-xqcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10126?format=json","vulnerability_id":"VCID-asqu-5r9h-9yav","summary":"SQL Injection\nAn SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2018-14623","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2018-14623"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14623","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33684","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33529","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33553","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33594","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33601","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33567","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33523","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33496","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.3365","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14623"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1623719","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1623719"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623"},{"reference_url":"https://github.com/Katello/katello","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Katello/katello"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml"},{"reference_url":"https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224"},{"reference_url":"http://www.securityfocus.com/bid/106224","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106224"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14623","reference_id":"CVE-2018-14623","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14623"},{"reference_url":"https://github.com/advisories/GHSA-527r-mfmj-prqf","reference_id":"GHSA-527r-mfmj-prqf","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-527r-mfmj-prqf"},{"reference_url":"https://github.com/advisories/GHSA-jx5v-788g-qw58","reference_id":"GHSA-jx5v-788g-qw58","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jx5v-788g-qw58"}],"fixed_packages":[],"aliases":["CVE-2018-14623","GHSA-jx5v-788g-qw58"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-asqu-5r9h-9yav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84945?format=json","vulnerability_id":"VCID-avsj-f1g8-yfen","summary":"foreman: Persistent XSS in Foreman remote execution plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6319","reference_id":"","reference_type":"","scores":[{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.72684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.72692","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.72711","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.72688","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.72727","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.7274","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.72764","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.72748","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.72738","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365815","reference_id":"1365815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365815"}],"fixed_packages":[],"aliases":["CVE-2016-6319"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avsj-f1g8-yfen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8854?format=json","vulnerability_id":"VCID-bvrv-wvt6-8yfy","summary":"Improper Certificate Validation\nHammer CLI, a CLI utility for Foreman, does not explicitly set the `verify_ssl` flag for `apipie-bindings`. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.","references":[{"reference_url":"http://projects.theforeman.org/issues/19033","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.theforeman.org/issues/19033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2667","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29494","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29538","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29535","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29564","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29496","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29442","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436262"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml"},{"reference_url":"https://github.com/theforeman/hammer-cli-foreman","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/theforeman/hammer-cli-foreman"},{"reference_url":"https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153"},{"reference_url":"http://www.securityfocus.com/bid/97153","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/97153"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2667","reference_id":"CVE-2017-2667","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2667"},{"reference_url":"https://github.com/advisories/GHSA-77h8-xr85-3x5q","reference_id":"GHSA-77h8-xr85-3x5q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77h8-xr85-3x5q"}],"fixed_packages":[],"aliases":["CVE-2017-2667","GHSA-77h8-xr85-3x5q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvrv-wvt6-8yfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85049?format=json","vulnerability_id":"VCID-cc8z-r1zy-23f2","summary":"foreman: Information disclosure in provisioning template previews","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4995","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53142","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53166","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53159","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53206","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53257","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53243","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53226","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4995"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348939","reference_id":"1348939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348939"}],"fixed_packages":[],"aliases":["CVE-2016-4995"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cc8z-r1zy-23f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84797?format=json","vulnerability_id":"VCID-dfb9-31gj-57fs","summary":"foreman: Stored XSS in org/loc wizard","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8634","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55554","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55665","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55688","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55667","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55718","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55721","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5571","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55693","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8634"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391520","reference_id":"1391520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391520"}],"fixed_packages":[],"aliases":["CVE-2016-8634"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfb9-31gj-57fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6881?format=json","vulnerability_id":"VCID-dh5x-wb2a-1ufj","summary":"XSS vulnerabiliy in generated pagination links\nThe package will_paginate generate pagination links without escaping result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6459","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49082","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49103","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49086","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49076","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58205","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58119","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58225","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.582","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459"},{"reference_url":"https://github.com/mislav/will_paginate","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mislav/will_paginate"},{"reference_url":"https://github.com/mislav/will_paginate/releases/tag/v3.0.5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mislav/will_paginate/releases/tag/v3.0.5"},{"reference_url":"https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6459","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6459"},{"reference_url":"https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046642","reference_id":"1046642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209","reference_id":"733209","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209"},{"reference_url":"https://github.com/advisories/GHSA-8r6h-7x9g-xmw9","reference_id":"GHSA-8r6h-7x9g-xmw9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8r6h-7x9g-xmw9"}],"fixed_packages":[],"aliases":["CVE-2013-6459","GHSA-8r6h-7x9g-xmw9","OSV-101138"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh5x-wb2a-1ufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85050?format=json","vulnerability_id":"VCID-dtva-ze8n-vycd","summary":"foreman: inside discovery-debug, the root password is displayed in plaintext","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4996","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1207","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1218","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12226","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12028","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1211","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12161","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12169","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12132","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.121","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4996"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349136","reference_id":"1349136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349136"}],"fixed_packages":[],"aliases":["CVE-2016-4996"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtva-ze8n-vycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84840?format=json","vulnerability_id":"VCID-e488-4fjn-z3g2","summary":"foreman: Foreman information leak through unauthorized multiple_checkboxes helper","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7077","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48346","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48381","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48402","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.4841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48404","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48428","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48415","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385777","reference_id":"1385777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385777"}],"fixed_packages":[],"aliases":["CVE-2016-7077"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e488-4fjn-z3g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84673?format=json","vulnerability_id":"VCID-egve-f1uw-nfff","summary":"foreman-debug: missing obfuscation of sensitive information","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9593","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44351","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44437","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44458","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44445","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44452","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44468","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44436","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9593"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406384","reference_id":"1406384","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406384"}],"fixed_packages":[],"aliases":["CVE-2016-9593"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egve-f1uw-nfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83664?format=json","vulnerability_id":"VCID-kra9-9yr7-nbg6","summary":"Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15699","reference_id":"","reference_type":"","scores":[{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.81637","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.81649","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.81671","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.81669","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.81695","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.817","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.81719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.81707","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15699"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1512724","reference_id":"1512724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1512724"}],"fixed_packages":[],"aliases":["CVE-2017-15699"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kra9-9yr7-nbg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48265?format=json","vulnerability_id":"VCID-p8ab-a4gk-eyd2","summary":"Multiple vulnerabilities have been found in the Chromium web\n    browser, the worst of which allows remote attackers to execute arbitrary\n    code.","references":[{"reference_url":"http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html","reference_id":"","reference_type":"","scores":[],"url":"http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1080.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1080.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0002.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-0002.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1669","reference_id":"","reference_type":"","scores":[{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81796","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81861","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.8186","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81879","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81867","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81807","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81829","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81853","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1669"},{"reference_url":"https://codereview.chromium.org/1945313002","reference_id":"","reference_type":"","scores":[],"url":"https://codereview.chromium.org/1945313002"},{"reference_url":"https://crbug.com/606115","reference_id":"","reference_type":"","scores":[],"url":"https://crbug.com/606115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3590","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3590"},{"reference_url":"http://www.securityfocus.com/bid/90584","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/90584"},{"reference_url":"http://www.securitytracker.com/id/1035872","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035872"},{"reference_url":"http://www.ubuntu.com/usn/USN-2960-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2960-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335449","reference_id":"1335449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335449"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:v8:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1669","reference_id":"CVE-2016-1669","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1669"},{"reference_url":"https://security.gentoo.org/glsa/201605-02","reference_id":"GLSA-201605-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1080","reference_id":"RHSA-2016:1080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0002","reference_id":"RHSA-2017:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0879","reference_id":"RHSA-2017:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0880","reference_id":"RHSA-2017:0880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0881","reference_id":"RHSA-2017:0881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0882","reference_id":"RHSA-2017:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0882"},{"reference_url":"https://usn.ubuntu.com/2960-1/","reference_id":"USN-2960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2960-1/"}],"fixed_packages":[],"aliases":["CVE-2016-1669"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8ab-a4gk-eyd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85202?format=json","vulnerability_id":"VCID-ph9r-qphf-8fam","summary":"pulp: Unsafe use of bash $RANDOM for NSS DB password and seed","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3704","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67702","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67748","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67771","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67724","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3704"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330264","reference_id":"1330264","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330264"}],"fixed_packages":[],"aliases":["CVE-2016-3704"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ph9r-qphf-8fam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85150?format=json","vulnerability_id":"VCID-sa68-rwqe-tfgp","summary":"foreman: Stored XSS via organization/location with HTML in name","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8639","reference_id":"","reference_type":"","scores":[{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68875","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68893","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68914","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68894","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68944","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68963","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68986","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68971","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68941","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8639"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1393291","reference_id":"1393291","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1393291"}],"fixed_packages":[],"aliases":["CVE-2016-8639"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sa68-rwqe-tfgp"}],"fixing_vulnerabilities":[],"risk_score":"4.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tfm-rubygem-hammer_cli_foreman@0.11.0.5-1%3Farch=el7sat"}