{"url":"http://public2.vulnerablecode.io/api/packages/1073246?format=json","purl":"pkg:deb/debian/xscreensaver@4.21-3","type":"deb","namespace":"debian","name":"xscreensaver","version":"4.21-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.45+dfsg1-2","latest_non_vulnerable_version":"5.45+dfsg1-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9478?format=json","vulnerability_id":"VCID-6bmg-wd6f-jya8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31523","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13049","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13146","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13152","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13128","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31523","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31523"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987149","reference_id":"987149","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987149"},{"reference_url":"https://security.archlinux.org/AVG-1857","reference_id":"AVG-1857","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1857"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088763?format=json","purl":"pkg:deb/debian/xscreensaver@5.45%2Bdfsg1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@5.45%252Bdfsg1-2"}],"aliases":["CVE-2021-31523"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bmg-wd6f-jya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201992?format=json","vulnerability_id":"VCID-73me-anhc-8kc1","summary":"xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2187.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2187","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27206","published_at":"2026-06-11T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27407","published_at":"2026-06-12T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27428","published_at":"2026-06-13T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2741","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382","reference_id":"627382","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=703483","reference_id":"703483","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=703483"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073251?format=json","purl":"pkg:deb/debian/xscreensaver@5.15-3%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-fyh7-6m76-4qar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@5.15-3%252Bdeb7u1"}],"aliases":["CVE-2011-2187"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73me-anhc-8kc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9666?format=json","vulnerability_id":"VCID-84fk-y48y-2yha","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34557","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38544","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38718","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3874","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38729","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34557"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989508","reference_id":"989508","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989508"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088763?format=json","purl":"pkg:deb/debian/xscreensaver@5.45%2Bdfsg1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@5.45%252Bdfsg1-2"}],"aliases":["CVE-2021-34557"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84fk-y48y-2yha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185684?format=json","vulnerability_id":"VCID-aunv-bh82-53er","summary":"XScreenSaver allows local users to bypass authentication under certain\n    configurations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1859.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1859.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1859","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25051","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25249","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25268","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25254","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1859"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=237003","reference_id":"237003","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=237003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433964","reference_id":"433964","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433964"},{"reference_url":"https://security.gentoo.org/glsa/200705-14","reference_id":"GLSA-200705-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200705-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0322","reference_id":"RHSA-2007:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0322"},{"reference_url":"https://usn.ubuntu.com/474-1/","reference_id":"USN-474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073248?format=json","purl":"pkg:deb/debian/xscreensaver@5.05-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-73me-anhc-8kc1"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-fyh7-6m76-4qar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@5.05-3%252Blenny1"}],"aliases":["CVE-2007-1859"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aunv-bh82-53er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/515?format=json","vulnerability_id":"VCID-fyh7-6m76-4qar","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8025","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2099","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21167","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21187","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8025"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802914","reference_id":"802914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802914"},{"reference_url":"https://usn.ubuntu.com/2789-1/","reference_id":"USN-2789-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2789-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073251?format=json","purl":"pkg:deb/debian/xscreensaver@5.15-3%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-fyh7-6m76-4qar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@5.15-3%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1074646?format=json","purl":"pkg:deb/debian/xscreensaver@5.30-1%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-fyh7-6m76-4qar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@5.30-1%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1088761?format=json","purl":"pkg:deb/debian/xscreensaver@5.36-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-84fk-y48y-2yha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@5.36-1"}],"aliases":["CVE-2015-8025"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyh7-6m76-4qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200840?format=json","vulnerability_id":"VCID-vpb5-by3g-ykay","summary":"xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5585","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62626","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62728","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.6274","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62735","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5585"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448157","reference_id":"448157","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448157"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073248?format=json","purl":"pkg:deb/debian/xscreensaver@5.05-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-73me-anhc-8kc1"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-fyh7-6m76-4qar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@5.05-3%252Blenny1"}],"aliases":["CVE-2007-5585"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpb5-by3g-ykay"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199640?format=json","vulnerability_id":"VCID-243q-jeqz-dfes","summary":"Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-1294.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-1294.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-1294","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27137","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2734","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2736","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27342","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-1294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617125","reference_id":"1617125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0498","reference_id":"RHSA-2006:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073246?format=json","purl":"pkg:deb/debian/xscreensaver@4.21-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-73me-anhc-8kc1"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-aunv-bh82-53er"},{"vulnerability":"VCID-fyh7-6m76-4qar"},{"vulnerability":"VCID-vpb5-by3g-ykay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@4.21-3"}],"aliases":["CVE-2003-1294"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-243q-jeqz-dfes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199917?format=json","vulnerability_id":"VCID-7s4y-2y7b-vyaf","summary":"rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-2655.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-2655.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2655","reference_id":"","reference_type":"","scores":[{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80845","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80905","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80915","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80906","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2655"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2655","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617427","reference_id":"1617427","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0498","reference_id":"RHSA-2006:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0498"},{"reference_url":"https://usn.ubuntu.com/269-1/","reference_id":"USN-269-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/269-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073246?format=json","purl":"pkg:deb/debian/xscreensaver@4.21-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-73me-anhc-8kc1"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-aunv-bh82-53er"},{"vulnerability":"VCID-fyh7-6m76-4qar"},{"vulnerability":"VCID-vpb5-by3g-ykay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@4.21-3"}],"aliases":["CVE-2004-2655"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7s4y-2y7b-vyaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199622?format=json","vulnerability_id":"VCID-82j9-5qv3-2bam","summary":"Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0885.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0885","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58654","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58766","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5878","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58769","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073246?format=json","purl":"pkg:deb/debian/xscreensaver@4.21-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-73me-anhc-8kc1"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-aunv-bh82-53er"},{"vulnerability":"VCID-fyh7-6m76-4qar"},{"vulnerability":"VCID-vpb5-by3g-ykay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@4.21-3"}],"aliases":["CVE-2003-0885"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82j9-5qv3-2bam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199641?format=json","vulnerability_id":"VCID-vbyr-cssk-fqcz","summary":"Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors \"while verifying the user-password.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-1295","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20452","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20629","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2065","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-1295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1295"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073246?format=json","purl":"pkg:deb/debian/xscreensaver@4.21-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bmg-wd6f-jya8"},{"vulnerability":"VCID-73me-anhc-8kc1"},{"vulnerability":"VCID-84fk-y48y-2yha"},{"vulnerability":"VCID-aunv-bh82-53er"},{"vulnerability":"VCID-fyh7-6m76-4qar"},{"vulnerability":"VCID-vpb5-by3g-ykay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@4.21-3"}],"aliases":["CVE-2003-1295"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbyr-cssk-fqcz"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xscreensaver@4.21-3"}