{"url":"http://public2.vulnerablecode.io/api/packages/1074331?format=json","purl":"pkg:deb/debian/openssh@1:6.6p1-4~bpo70%2B1","type":"deb","namespace":"debian","name":"openssh","version":"1:6.6p1-4~bpo70+1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:9.2p1-2+deb12u7","latest_non_vulnerable_version":"1:9.2p1-2+deb12u7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28443?format=json","vulnerability_id":"VCID-124c-8gmd-xfb7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35414","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10984","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11013","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11044","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11047","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35414"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132576","reference_id":"1132576","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132576"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454490","reference_id":"2454490","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454490"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/02/3","reference_id":"3","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/02/3"},{"reference_url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2","reference_id":"?l=openssh-unix-dev&m=177513443901484&w=2","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/"}],"url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2"},{"reference_url":"https://www.openssh.org/releasenotes.html#10.3p1","reference_id":"releasenotes.html#10.3p1","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:42:45Z/"}],"url":"https://www.openssh.org/releasenotes.html#10.3p1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12389","reference_id":"RHSA-2026:12389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13380","reference_id":"RHSA-2026:13380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13381","reference_id":"RHSA-2026:13381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13383","reference_id":"RHSA-2026:13383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16059","reference_id":"RHSA-2026:16059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19069","reference_id":"RHSA-2026:19069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19219","reference_id":"RHSA-2026:19219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21298","reference_id":"RHSA-2026:21298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21398","reference_id":"RHSA-2026:21398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21398"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22329","reference_id":"RHSA-2026:22329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22564","reference_id":"RHSA-2026:22564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22648","reference_id":"RHSA-2026:22648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25096","reference_id":"RHSA-2026:25096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25096"},{"reference_url":"https://usn.ubuntu.com/8222-1/","reference_id":"USN-8222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2026-35414"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-124c-8gmd-xfb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15670?format=json","vulnerability_id":"VCID-1k3j-b43t-ckgx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38408","reference_id":"","reference_type":"","scores":[{"value":"0.64352","scoring_system":"epss","scoring_elements":"0.98474","published_at":"2026-06-13T12:55:00Z"},{"value":"0.64352","scoring_system":"epss","scoring_elements":"0.98468","published_at":"2026-06-11T12:55:00Z"},{"value":"0.66852","scoring_system":"epss","scoring_elements":"0.98576","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/07/20/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/07/20/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460","reference_id":"1042460","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042460"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/11","reference_id":"11","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/07/20/2","reference_id":"2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/07/20/2"},{"reference_url":"https://security.gentoo.org/glsa/202307-01","reference_id":"202307-01","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://security.gentoo.org/glsa/202307-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224173","reference_id":"2224173","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224173"},{"reference_url":"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8","reference_id":"7bc29a9d5cd697290aa056e94ecee6253d3425f8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/22/9","reference_id":"9","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/22/9"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/","reference_id":"CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/"},{"reference_url":"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent","reference_id":"cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent"},{"reference_url":"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408","reference_id":"exploring-opensshs-agent-forwarding-rce-cve-2023-38408","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408"},{"reference_url":"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d","reference_id":"f03a4faa55c4ce0818324701dadbf91988d7351d","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d"},{"reference_url":"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca","reference_id":"f8f5a6b003981bb824329dc987d101977beda7ca","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca"},{"reference_url":"https://support.apple.com/kb/HT213940","reference_id":"HT213940","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://support.apple.com/kb/HT213940"},{"reference_url":"https://news.ycombinator.com/item?id=36790196","reference_id":"item?id=36790196","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://news.ycombinator.com/item?id=36790196"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230803-0010/","reference_id":"ntap-20230803-0010","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230803-0010/"},{"reference_url":"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html","reference_id":"OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/","reference_id":"RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/"},{"reference_url":"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt","reference_id":"rce-openssh-forwarded-ssh-agent.txt","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt"},{"reference_url":"https://www.openssh.com/txt/release-9.3p2","reference_id":"release-9.3p2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://www.openssh.com/txt/release-9.3p2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4329","reference_id":"RHSA-2023:4329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4381","reference_id":"RHSA-2023:4381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4382","reference_id":"RHSA-2023:4382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4383","reference_id":"RHSA-2023:4383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4384","reference_id":"RHSA-2023:4384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4412","reference_id":"RHSA-2023:4412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4413","reference_id":"RHSA-2023:4413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4419","reference_id":"RHSA-2023:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4428","reference_id":"RHSA-2023:4428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4889","reference_id":"RHSA-2023:4889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4889"},{"reference_url":"https://www.openssh.com/security.html","reference_id":"security.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:21Z/"}],"url":"https://www.openssh.com/security.html"},{"reference_url":"https://usn.ubuntu.com/6242-1/","reference_id":"USN-6242-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6242-1/"},{"reference_url":"https://usn.ubuntu.com/6242-2/","reference_id":"USN-6242-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6242-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079932?format=json","purl":"pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-yje6-k29k-fkch"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3"}],"aliases":["CVE-2023-38408"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1k3j-b43t-ckgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207672?format=json","vulnerability_id":"VCID-29b1-zcfn-1be6","summary":"The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12062","reference_id":"","reference_type":"","scores":[{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76907","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76979","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76993","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0096","scoring_system":"epss","scoring_elements":"0.76986","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12062","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12062"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1854145","reference_id":"1854145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1854145"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079932?format=json","purl":"pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-yje6-k29k-fkch"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3"}],"aliases":["CVE-2020-12062"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29b1-zcfn-1be6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25794?format=json","vulnerability_id":"VCID-358j-tvz2-dbau","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61984","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01864","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01878","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01868","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01866","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61984"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.openwall.com/lists/oss-security/2025/10/06/1","reference_id":"1","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/"}],"url":"https://www.openwall.com/lists/oss-security/2025/10/06/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529","reference_id":"1117529","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117529"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401960","reference_id":"2401960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401960"},{"reference_url":"https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2","reference_id":"?l=openssh-unix-dev&m=175974522032149&w=2","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/"}],"url":"https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2"},{"reference_url":"https://www.openssh.com/releasenotes.html#10.1p1","reference_id":"releasenotes.html#10.1p1","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-08T03:55:10Z/"}],"url":"https://www.openssh.com/releasenotes.html#10.1p1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23479","reference_id":"RHSA-2025:23479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23480","reference_id":"RHSA-2025:23480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23481","reference_id":"RHSA-2025:23481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0693","reference_id":"RHSA-2026:0693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0976","reference_id":"RHSA-2026:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1678","reference_id":"RHSA-2026:1678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1790","reference_id":"RHSA-2026:1790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1815","reference_id":"RHSA-2026:1815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1858","reference_id":"RHSA-2026:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5475","reference_id":"RHSA-2026:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5475"},{"reference_url":"https://usn.ubuntu.com/8090-1/","reference_id":"USN-8090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8090-1/"},{"reference_url":"https://usn.ubuntu.com/8090-2/","reference_id":"USN-8090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2025-61984"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-358j-tvz2-dbau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28439?format=json","vulnerability_id":"VCID-3ky7-2mqj-q7gh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35386","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12364","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12444","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12463","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12456","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35386"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132573","reference_id":"1132573","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132573"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454506","reference_id":"2454506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454506"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/02/3","reference_id":"3","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/02/3"},{"reference_url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2","reference_id":"?l=openssh-unix-dev&m=177513443901484&w=2","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/"}],"url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2"},{"reference_url":"https://www.openssh.org/releasenotes.html#10.3p1","reference_id":"releasenotes.html#10.3p1","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:12:12Z/"}],"url":"https://www.openssh.org/releasenotes.html#10.3p1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12389","reference_id":"RHSA-2026:12389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13380","reference_id":"RHSA-2026:13380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13381","reference_id":"RHSA-2026:13381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13383","reference_id":"RHSA-2026:13383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16059","reference_id":"RHSA-2026:16059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19069","reference_id":"RHSA-2026:19069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19219","reference_id":"RHSA-2026:19219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21298","reference_id":"RHSA-2026:21298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21398","reference_id":"RHSA-2026:21398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21398"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22329","reference_id":"RHSA-2026:22329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22564","reference_id":"RHSA-2026:22564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22648","reference_id":"RHSA-2026:22648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25096","reference_id":"RHSA-2026:25096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25096"},{"reference_url":"https://usn.ubuntu.com/8222-1/","reference_id":"USN-8222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2026-35386"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ky7-2mqj-q7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/961?format=json","vulnerability_id":"VCID-3rbw-3649-xkgw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1908.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1908.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1908","reference_id":"","reference_type":"","scores":[{"value":"0.02368","scoring_system":"epss","scoring_elements":"0.85295","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02368","scoring_system":"epss","scoring_elements":"0.85347","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02368","scoring_system":"epss","scoring_elements":"0.85356","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02368","scoring_system":"epss","scoring_elements":"0.85348","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1034705","reference_id":"1034705","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"http://www.securitytracker.com/id/1034705"},{"reference_url":"http://openwall.com/lists/oss-security/2016/01/15/13","reference_id":"13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"http://openwall.com/lists/oss-security/2016/01/15/13"},{"reference_url":"https://security.gentoo.org/glsa/201612-18","reference_id":"201612-18","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"https://security.gentoo.org/glsa/201612-18"},{"reference_url":"http://www.securityfocus.com/bid/84427","reference_id":"84427","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"http://www.securityfocus.com/bid/84427"},{"reference_url":"https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c","reference_id":"?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"linuxbulletinapr2016-2952096.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"http://www.openssh.com/txt/release-7.2","reference_id":"release-7.2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"http://www.openssh.com/txt/release-7.2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0465","reference_id":"RHSA-2016:0465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0465"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0465.html","reference_id":"RHSA-2016-0465.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0465.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0741","reference_id":"RHSA-2016:0741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0741"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0741.html","reference_id":"RHSA-2016-0741.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0741.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298741","reference_id":"show_bug.cgi?id=1298741","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298741"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:14:41Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"https://usn.ubuntu.com/2966-1/","reference_id":"USN-2966-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2966-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-1908"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3rbw-3649-xkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28441?format=json","vulnerability_id":"VCID-51qb-g51q-b3fd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35388","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04497","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04477","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04483","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04498","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35388"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35388","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35388"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132575","reference_id":"1132575","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454500","reference_id":"2454500","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454500"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/02/3","reference_id":"3","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/02/3"},{"reference_url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2","reference_id":"?l=openssh-unix-dev&m=177513443901484&w=2","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/"}],"url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2"},{"reference_url":"https://www.openssh.org/releasenotes.html#10.3p1","reference_id":"releasenotes.html#10.3p1","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T17:46:05Z/"}],"url":"https://www.openssh.org/releasenotes.html#10.3p1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12389","reference_id":"RHSA-2026:12389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13380","reference_id":"RHSA-2026:13380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13381","reference_id":"RHSA-2026:13381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13383","reference_id":"RHSA-2026:13383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16059","reference_id":"RHSA-2026:16059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19069","reference_id":"RHSA-2026:19069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19219","reference_id":"RHSA-2026:19219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21298","reference_id":"RHSA-2026:21298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21398","reference_id":"RHSA-2026:21398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21398"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22329","reference_id":"RHSA-2026:22329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22564","reference_id":"RHSA-2026:22564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22648","reference_id":"RHSA-2026:22648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25096","reference_id":"RHSA-2026:25096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25096"},{"reference_url":"https://usn.ubuntu.com/8222-1/","reference_id":"USN-8222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2026-35388"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51qb-g51q-b3fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5347?format=json","vulnerability_id":"VCID-59xb-y4z9-pbfp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20685.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20685","reference_id":"","reference_type":"","scores":[{"value":"0.03377","scoring_system":"epss","scoring_elements":"0.87694","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03377","scoring_system":"epss","scoring_elements":"0.87651","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03377","scoring_system":"epss","scoring_elements":"0.877","published_at":"2026-06-13T12:55:00Z"},{"value":"0.03377","scoring_system":"epss","scoring_elements":"0.87697","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/106531","reference_id":"106531","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"http://www.securityfocus.com/bid/106531"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665785","reference_id":"1665785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665785"},{"reference_url":"https://security.gentoo.org/glsa/201903-16","reference_id":"201903-16","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://security.gentoo.org/glsa/201903-16"},{"reference_url":"https://security.gentoo.org/glsa/202007-53","reference_id":"202007-53","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://security.gentoo.org/glsa/202007-53"},{"reference_url":"https://usn.ubuntu.com/3885-1/","reference_id":"3885-1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://usn.ubuntu.com/3885-1/"},{"reference_url":"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2","reference_id":"6010c0303a422a9c5fa8860c061bf7105eb7f8b2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919101","reference_id":"919101","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919101"},{"reference_url":"https://security.archlinux.org/ASA-201904-11","reference_id":"ASA-201904-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-11"},{"reference_url":"https://security.archlinux.org/AVG-951","reference_id":"AVG-951","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-951"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"cpuapr2019-5072813.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"cpuoct2019-5072832.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4387","reference_id":"dsa-4387","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://www.debian.org/security/2019/dsa-4387"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html","reference_id":"msg00030.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190215-0001/","reference_id":"ntap-20190215-0001","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190215-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3702","reference_id":"RHSA-2019:3702","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3702"},{"reference_url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h","reference_id":"scp.c.diff?r1=1.197&r2=1.198&f=h","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h"},{"reference_url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt","reference_id":"scp-client-multiple-vulnerabilities.txt","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:53:24Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1078456?format=json","purl":"pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2"}],"aliases":["CVE-2018-20685"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59xb-y4z9-pbfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/158795?format=json","vulnerability_id":"VCID-6c6q-52re-zqdc","summary":"The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6563.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6563.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6563","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27824","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27608","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27809","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27834","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6563"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/08/22/1","reference_id":"1","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/08/22/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252844","reference_id":"1252844","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252844"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html","reference_id":"165170.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"},{"reference_url":"https://security.gentoo.org/glsa/201512-04","reference_id":"201512-04","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"https://security.gentoo.org/glsa/201512-04"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Aug/54","reference_id":"54","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://seclists.org/fulldisclosure/2015/Aug/54"},{"reference_url":"http://www.securityfocus.com/bid/76317","reference_id":"76317","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://www.securityfocus.com/bid/76317"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711","reference_id":"795711","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711"},{"reference_url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766","reference_id":"brocade-security-advisory-2019-766","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","reference_id":"bulletinjan2016-2867206.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"},{"reference_url":"https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b","reference_id":"d4697fe9a28dab7255c60433e4dd23cf7fce8a8b","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b"},{"reference_url":"https://support.apple.com/HT205375","reference_id":"HT205375","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"https://support.apple.com/HT205375"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"linuxbulletinapr2016-2952096.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"linuxbulletinoct2015-2719645.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180201-0002/","reference_id":"ntap-20180201-0002","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180201-0002/"},{"reference_url":"http://www.openssh.com/txt/release-7.0","reference_id":"release-7.0","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://www.openssh.com/txt/release-7.0"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2088","reference_id":"RHSA-2015:2088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0741","reference_id":"RHSA-2016:0741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0741"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0741.html","reference_id":"RHSA-2016-0741.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0741.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:11:48Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2015-6563"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6q-52re-zqdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16078?format=json","vulnerability_id":"VCID-6ft3-n7d1-53h3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"0.51662","scoring_system":"epss","scoring_elements":"0.97963","published_at":"2026-06-12T12:55:00Z"},{"value":"0.51662","scoring_system":"epss","scoring_elements":"0.97964","published_at":"2026-06-13T12:55:00Z"},{"value":"0.51662","scoring_system":"epss","scoring_elements":"0.97965","published_at":"2026-06-14T12:55:00Z"},{"value":"0.52998","scoring_system":"epss","scoring_elements":"0.98016","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48795"},{"reference_url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-364175.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-364175.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-794697.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-794697.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773"},{"reference_url":"https://github.com/warp-tech/russh","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh"},{"reference_url":"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951"},{"reference_url":"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8"},{"reference_url":"https://go.dev/cl/550715","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/550715"},{"reference_url":"https://go.dev/issue/64784","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/64784"},{"reference_url":"https://help.panic.com/releasenotes/transmit5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://help.panic.com/releasenotes/transmit5"},{"reference_url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48795"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0004","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240105-0004"},{"reference_url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway"},{"reference_url":"https://www.netsarang.com/en/xshell-update-history","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.netsarang.com/en/xshell-update-history"},{"reference_url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed"},{"reference_url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001","reference_id":"1059001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002","reference_id":"1059002","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003","reference_id":"1059003","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004","reference_id":"1059004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005","reference_id":"1059005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006","reference_id":"1059006","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007","reference_id":"1059007","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058","reference_id":"1059058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144","reference_id":"1059144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290","reference_id":"1059290","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294","reference_id":"1059294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294"},{"reference_url":"https://github.com/libssh2/libssh2/pull/1291","reference_id":"1291","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/libssh2/libssh2/pull/1291"},{"reference_url":"https://github.com/ssh-mitm/ssh-mitm/issues/165","reference_id":"165","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ssh-mitm/ssh-mitm/issues/165"},{"reference_url":"https://twitter.com/TrueSkrillor/status/1736774389725565005","reference_id":"1736774389725565005","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://twitter.com/TrueSkrillor/status/1736774389725565005"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/18/2","reference_id":"2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/18/2"},{"reference_url":"https://security.gentoo.org/glsa/202312-16","reference_id":"202312-16","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.gentoo.org/glsa/202312-16"},{"reference_url":"https://security.gentoo.org/glsa/202312-17","reference_id":"202312-17","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.gentoo.org/glsa/202312-17"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Mar/21","reference_id":"21","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Mar/21"},{"reference_url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2189","reference_id":"2189","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2189"},{"reference_url":"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22","reference_id":"2.2.21...2.2.22","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"},{"reference_url":"https://github.com/paramiko/paramiko/issues/2337","reference_id":"2337","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/paramiko/paramiko/issues/2337"},{"reference_url":"https://github.com/NixOS/nixpkgs/pull/275249","reference_id":"275249","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/NixOS/nixpkgs/pull/275249"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/20/3","reference_id":"3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/20/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/18/3","reference_id":"3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/18/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/20/3","reference_id":"3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/20/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/06/3","reference_id":"3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/06/3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/","reference_id":"33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/","reference_id":"3CAYYW35MUTNO65RVAELICTNZZFMT2XS","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/","reference_id":"3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/","reference_id":"3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"},{"reference_url":"https://github.com/apache/mina-sshd/issues/445","reference_id":"445","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/apache/mina-sshd/issues/445"},{"reference_url":"https://github.com/proftpd/proftpd/issues/456","reference_id":"456","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/issues/456"},{"reference_url":"https://github.com/mwiede/jsch/issues/457","reference_id":"457","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/issues/457"},{"reference_url":"https://github.com/mwiede/jsch/pull/461","reference_id":"461","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/pull/461"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/5","reference_id":"5","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/5"},{"reference_url":"https://github.com/cyd01/KiTTY/issues/520","reference_id":"520","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/cyd01/KiTTY/issues/520"},{"reference_url":"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab","reference_id":"5c8b534f6e97db7ac0e0e579331213aa25c173ab","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/","reference_id":"6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"},{"reference_url":"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0","reference_id":"7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/17/8","reference_id":"8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/17/8"},{"reference_url":"https://github.com/janmojzis/tinyssh/issues/81","reference_id":"81","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/janmojzis/tinyssh/issues/81"},{"reference_url":"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5","reference_id":"8e972c5e94b460379fe0c7d20209c16df81538a5","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"},{"reference_url":"https://github.com/hierynomus/sshj/issues/916","reference_id":"916","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/hierynomus/sshj/issues/916"},{"reference_url":"https://bugs.gentoo.org/920280","reference_id":"920280","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugs.gentoo.org/920280"},{"reference_url":"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3","reference_id":"97b223f8891b96d6fc054df5ab1d5a1a545da2a3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"},{"reference_url":"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d","reference_id":"9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"},{"reference_url":"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508","reference_id":"allgemeine-sicherheitshinweise#c243508","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/","reference_id":"APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/","reference_id":"BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/","reference_id":"C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"},{"reference_url":"https://oryx-embedded.com/download/#changelog","reference_id":"#changelog","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://oryx-embedded.com/download/#changelog"},{"reference_url":"https://www.paramiko.org/changelog.html","reference_id":"changelog.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.paramiko.org/changelog.html"},{"reference_url":"https://matt.ucc.asn.au/dropbear/CHANGES","reference_id":"CHANGES","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://matt.ucc.asn.au/dropbear/CHANGES"},{"reference_url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html","reference_id":"changes.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"},{"reference_url":"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25","reference_id":"CHANGES#L25","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"},{"reference_url":"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst","reference_id":"changes.rst","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"},{"reference_url":"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16","reference_id":"CHANGES.txt#L14-L16","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/","reference_id":"CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"},{"reference_url":"https://access.redhat.com/security/cve/cve-2023-48795","reference_id":"cve-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://access.redhat.com/security/cve/cve-2023-48795"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-48795"},{"reference_url":"https://ubuntu.com/security/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://ubuntu.com/security/CVE-2023-48795"},{"reference_url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway/","reference_id":"cve-2023-48795-and-sftp-gateway","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway/"},{"reference_url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/","reference_id":"cve202348795_why_is_this_cve_still_undisclosed","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"},{"reference_url":"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC","reference_id":"D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"},{"reference_url":"https://www.debian.org/security/2023/dsa-5586","reference_id":"dsa-5586","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.debian.org/security/2023/dsa-5586"},{"reference_url":"https://www.debian.org/security/2023/dsa-5588","reference_id":"dsa-5588","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.debian.org/security/2023/dsa-5588"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/","reference_id":"F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"},{"reference_url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc","reference_id":"FreeBSD-SA-23:19.openssh.asc","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"},{"reference_url":"https://github.com/advisories/GHSA-45x7-px36-x8w8","reference_id":"GHSA-45x7-px36-x8w8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/advisories/GHSA-45x7-px36-x8w8"},{"reference_url":"https://security.gentoo.org/glsa/202407-11","reference_id":"GLSA-202407-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-11"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202509-06","reference_id":"GLSA-202509-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-06"},{"reference_url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/","reference_id":"hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"},{"reference_url":"https://winscp.net/eng/docs/history#6.2.2","reference_id":"history#6.2.2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://winscp.net/eng/docs/history#6.2.2"},{"reference_url":"https://www.vandyke.com/products/securecrt/history.txt","reference_id":"history.txt","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.vandyke.com/products/securecrt/history.txt"},{"reference_url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6","reference_id":"?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"},{"reference_url":"https://support.apple.com/kb/HT214084","reference_id":"HT214084","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://support.apple.com/kb/HT214084"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/","reference_id":"HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/","reference_id":"I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"},{"reference_url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/","reference_id":"important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"},{"reference_url":"https://news.ycombinator.com/item?id=38684904","reference_id":"item?id=38684904","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38684904"},{"reference_url":"https://news.ycombinator.com/item?id=38685286","reference_id":"item?id=38685286","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38685286"},{"reference_url":"https://news.ycombinator.com/item?id=38732005","reference_id":"item?id=38732005","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38732005"},{"reference_url":"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15","reference_id":"jsch-0.2.14...jsch-0.2.15","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/","reference_id":"KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/","reference_id":"KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/","reference_id":"L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/libssh2","reference_id":"libssh2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/libssh2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/","reference_id":"LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"},{"reference_url":"https://github.com/openssh/openssh-portable/commits/master","reference_id":"master","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/openssh/openssh-portable/commits/master"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/","reference_id":"MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html","reference_id":"msg00016.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"},{"reference_url":"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ","reference_id":"-n5WqVC18LQ","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"},{"reference_url":"https://roumenpetrov.info/secsh/#news20231220","reference_id":"#news20231220","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://roumenpetrov.info/secsh/#news20231220"},{"reference_url":"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42","reference_id":"notes.xml#L39-L42","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0004/","reference_id":"ntap-20240105-0004","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240105-0004/"},{"reference_url":"https://www.openssh.com/openbsd.html","reference_id":"openbsd.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openssh.com/openbsd.html"},{"reference_url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.1","reference_id":"OTP-26.2.1","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.1"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg","reference_id":"proftpd-dfsg","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"},{"reference_url":"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg","reference_id":"qA3XtxvMUyg","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/","reference_id":"QI3EHAHABFQK7OABNCSF5GMYP6TONTI7","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"},{"reference_url":"https://www.openssh.com/txt/release-9.6","reference_id":"release-9.6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openssh.com/txt/release-9.6"},{"reference_url":"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES","reference_id":"RELEASE_NOTES","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES","reference_id":"RELEASE_NOTES","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES","reference_id":"RELEASE_NOTES","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"},{"reference_url":"https://github.com/rapier1/hpn-ssh/releases","reference_id":"releases","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/rapier1/hpn-ssh/releases"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7197","reference_id":"RHSA-2023:7197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7198","reference_id":"RHSA-2023:7198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7201","reference_id":"RHSA-2023:7201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0040","reference_id":"RHSA-2024:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0041","reference_id":"RHSA-2024:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0429","reference_id":"RHSA-2024:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0455","reference_id":"RHSA-2024:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0499","reference_id":"RHSA-2024:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0538","reference_id":"RHSA-2024:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0594","reference_id":"RHSA-2024:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0606","reference_id":"RHSA-2024:0606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0625","reference_id":"RHSA-2024:0625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0628","reference_id":"RHSA-2024:0628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0766","reference_id":"RHSA-2024:0766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0789","reference_id":"RHSA-2024:0789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0843","reference_id":"RHSA-2024:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0880","reference_id":"RHSA-2024:0880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0954","reference_id":"RHSA-2024:0954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1130","reference_id":"RHSA-2024:1130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1150","reference_id":"RHSA-2024:1150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1192","reference_id":"RHSA-2024:1192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1193","reference_id":"RHSA-2024:1193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1194","reference_id":"RHSA-2024:1194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1196","reference_id":"RHSA-2024:1196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1197","reference_id":"RHSA-2024:1197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1210","reference_id":"RHSA-2024:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1557","reference_id":"RHSA-2024:1557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1674","reference_id":"RHSA-2024:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1675","reference_id":"RHSA-2024:1675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1676","reference_id":"RHSA-2024:1676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1677","reference_id":"RHSA-2024:1677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1859","reference_id":"RHSA-2024:1859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2728","reference_id":"RHSA-2024:2728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2735","reference_id":"RHSA-2024:2735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2768","reference_id":"RHSA-2024:2768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3479","reference_id":"RHSA-2024:3479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3634","reference_id":"RHSA-2024:3634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3635","reference_id":"RHSA-2024:3635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3636","reference_id":"RHSA-2024:3636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3718","reference_id":"RHSA-2024:3718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3718"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3918","reference_id":"RHSA-2024:3918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4010","reference_id":"RHSA-2024:4010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4151","reference_id":"RHSA-2024:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4329","reference_id":"RHSA-2024:4329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4479","reference_id":"RHSA-2024:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4484","reference_id":"RHSA-2024:4484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4597","reference_id":"RHSA-2024:4597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4613","reference_id":"RHSA-2024:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4662","reference_id":"RHSA-2024:4662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4955","reference_id":"RHSA-2024:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4959","reference_id":"RHSA-2024:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4960","reference_id":"RHSA-2024:4960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5200","reference_id":"RHSA-2024:5200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5432","reference_id":"RHSA-2024:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5433","reference_id":"RHSA-2024:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5438","reference_id":"RHSA-2024:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6406","reference_id":"RHSA-2024:6406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8235","reference_id":"RHSA-2024:8235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4664","reference_id":"RHSA-2025:4664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4664"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1217950","reference_id":"show_bug.cgi?id=1217950","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1217950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254210","reference_id":"show_bug.cgi?id=2254210","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254210"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002","reference_id":"SNWLID-2024-0002","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"},{"reference_url":"https://www.bitvise.com/ssh-client-version-history#933","reference_id":"ssh-client-version-history#933","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.bitvise.com/ssh-client-version-history#933"},{"reference_url":"https://www.bitvise.com/ssh-server-version-history","reference_id":"ssh-server-version-history","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.bitvise.com/ssh-server-version-history"},{"reference_url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/","reference_id":"suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"},{"reference_url":"https://github.com/ronf/asyncssh/tags","reference_id":"tags","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ronf/asyncssh/tags"},{"reference_url":"https://gitlab.com/libssh/libssh-mirror/-/tags","reference_id":"tags","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://gitlab.com/libssh/libssh-mirror/-/tags"},{"reference_url":"https://www.theregister.com/2023/12/20/terrapin_attack_ssh","reference_id":"terrapin_attack_ssh","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.theregister.com/2023/12/20/terrapin_attack_ssh"},{"reference_url":"https://forum.netgate.com/topic/184941/terrapin-ssh-attack","reference_id":"terrapin-ssh-attack","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://forum.netgate.com/topic/184941/terrapin-ssh-attack"},{"reference_url":"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html","reference_id":"Terrapin-SSH-Connection-Weakening.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"},{"reference_url":"https://help.panic.com/releasenotes/transmit5/","reference_id":"transmit5","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://help.panic.com/releasenotes/transmit5/"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2","reference_id":"trilead-ssh2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"},{"reference_url":"https://usn.ubuntu.com/6560-1/","reference_id":"USN-6560-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-1/"},{"reference_url":"https://usn.ubuntu.com/6560-2/","reference_id":"USN-6560-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-2/"},{"reference_url":"https://usn.ubuntu.com/6561-1/","reference_id":"USN-6561-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6561-1/"},{"reference_url":"https://usn.ubuntu.com/6585-1/","reference_id":"USN-6585-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6585-1/"},{"reference_url":"https://usn.ubuntu.com/6589-1/","reference_id":"USN-6589-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6589-1/"},{"reference_url":"https://usn.ubuntu.com/6598-1/","reference_id":"USN-6598-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6598-1/"},{"reference_url":"https://usn.ubuntu.com/6738-1/","reference_id":"USN-6738-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6738-1/"},{"reference_url":"https://usn.ubuntu.com/7051-1/","reference_id":"USN-7051-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7051-1/"},{"reference_url":"https://usn.ubuntu.com/7292-1/","reference_id":"USN-7292-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7292-1/"},{"reference_url":"https://usn.ubuntu.com/7297-1/","reference_id":"USN-7297-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7297-1/"},{"reference_url":"https://github.com/warp-tech/russh/releases/tag/v0.40.2","reference_id":"v0.40.2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/warp-tech/russh/releases/tag/v0.40.2"},{"reference_url":"https://nova.app/releases/#v11.8","reference_id":"#v11.8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://nova.app/releases/#v11.8"},{"reference_url":"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6","reference_id":"v2.5.6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"},{"reference_url":"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1","reference_id":"v5.1","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"},{"reference_url":"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta","reference_id":"v9.5.0.0p1-Beta","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"},{"reference_url":"https://crates.io/crates/thrussh/versions","reference_id":"versions","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://crates.io/crates/thrussh/versions"},{"reference_url":"https://filezilla-project.org/versions.php","reference_id":"versions.php","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://filezilla-project.org/versions.php"},{"reference_url":"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update","reference_id":"Wiki.jsp?page=Update","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"},{"reference_url":"https://www.terrapin-attack.com","reference_id":"www.terrapin-attack.com","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.terrapin-attack.com"},{"reference_url":"https://www.netsarang.com/en/xshell-update-history/","reference_id":"xshell-update-history","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.netsarang.com/en/xshell-update-history/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079932?format=json","purl":"pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-yje6-k29k-fkch"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3"}],"aliases":["CVE-2023-48795","GHSA-45x7-px36-x8w8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ft3-n7d1-53h3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2011?format=json","vulnerability_id":"VCID-8mhg-d4md-sbd7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8858.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8858.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8858","reference_id":"","reference_type":"","scores":[{"value":"0.31178","scoring_system":"epss","scoring_elements":"0.96887","published_at":"2026-06-12T12:55:00Z"},{"value":"0.31178","scoring_system":"epss","scoring_elements":"0.96876","published_at":"2026-06-11T12:55:00Z"},{"value":"0.31178","scoring_system":"epss","scoring_elements":"0.96889","published_at":"2026-06-13T12:55:00Z"},{"value":"0.31178","scoring_system":"epss","scoring_elements":"0.9689","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig","reference_id":"013_ssh_kexinit.patch.sig","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/10/20/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/10/20/1"},{"reference_url":"http://www.securitytracker.com/id/1037057","reference_id":"1037057","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"http://www.securitytracker.com/id/1037057"},{"reference_url":"https://security.gentoo.org/glsa/201612-18","reference_id":"201612-18","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"https://security.gentoo.org/glsa/201612-18"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/10/19/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/10/19/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841884","reference_id":"841884","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841884"},{"reference_url":"http://www.securityfocus.com/bid/93776","reference_id":"93776","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"http://www.securityfocus.com/bid/93776"},{"reference_url":"https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad","reference_id":"ec165c392ca54317dbe3064a8c200de6531e89ad","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad"},{"reference_url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc","reference_id":"FreeBSD-SA-16:33.openssh.asc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc"},{"reference_url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127&f=h","reference_id":"kex.c.diff?r1=1.126&r2=1.127&f=h","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127&f=h"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180201-0001/","reference_id":"ntap-20180201-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180201-0001/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1384860","reference_id":"show_bug.cgi?id=1384860","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1384860"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup","reference_id":"x-cvsweb-markup","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-15T16:36:39Z/"}],"url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-8858"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8mhg-d4md-sbd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23351?format=json","vulnerability_id":"VCID-98ft-mftn-mfcu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26465","reference_id":"","reference_type":"","scores":[{"value":"0.61222","scoring_system":"epss","scoring_elements":"0.98353","published_at":"2026-06-14T12:55:00Z"},{"value":"0.61222","scoring_system":"epss","scoring_elements":"0.98346","published_at":"2026-06-11T12:55:00Z"},{"value":"0.61222","scoring_system":"epss","scoring_elements":"0.98352","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://seclists.org/oss-sec/2025/q1/144","reference_id":"144","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/"}],"url":"https://seclists.org/oss-sec/2025/q1/144"},{"reference_url":"https://access.redhat.com/solutions/7109879","reference_id":"7109879","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/"}],"url":"https://access.redhat.com/solutions/7109879"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9","reference_id":"cpe:/a:redhat:discovery:1.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-26465","reference_id":"CVE-2025-26465","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-26465"},{"reference_url":"https://security.gentoo.org/glsa/202502-01","reference_id":"GLSA-202502-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202502-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16823","reference_id":"RHSA-2025:16823","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:16823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3837","reference_id":"RHSA-2025:3837","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6993","reference_id":"RHSA-2025:6993","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6993"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8385","reference_id":"RHSA-2025:8385","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8385"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344780","reference_id":"show_bug.cgi?id=2344780","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-19T15:02:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344780"},{"reference_url":"https://usn.ubuntu.com/7270-1/","reference_id":"USN-7270-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7270-1/"},{"reference_url":"https://usn.ubuntu.com/7270-2/","reference_id":"USN-7270-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7270-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2025-26465"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98ft-mftn-mfcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/158776?format=json","vulnerability_id":"VCID-9ycf-2n8g-tyg6","summary":"The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5600.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5600","reference_id":"","reference_type":"","scores":[{"value":"0.78359","scoring_system":"epss","scoring_elements":"0.99056","published_at":"2026-06-14T12:55:00Z"},{"value":"0.78359","scoring_system":"epss","scoring_elements":"0.99052","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600"},{"reference_url":"http://www.securitytracker.com/id/1032988","reference_id":"1032988","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.securitytracker.com/id/1032988"},{"reference_url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12","reference_id":"1174-security-advisory-12","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245969","reference_id":"1245969","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245969"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html","reference_id":"162955.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html","reference_id":"165170.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"},{"reference_url":"https://security.gentoo.org/glsa/201512-04","reference_id":"201512-04","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://security.gentoo.org/glsa/201512-04"},{"reference_url":"http://openwall.com/lists/oss-security/2015/07/23/4","reference_id":"4","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://openwall.com/lists/oss-security/2015/07/23/4"},{"reference_url":"http://www.securityfocus.com/bid/75990","reference_id":"75990","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.securityfocus.com/bid/75990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793616","reference_id":"793616","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793616"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"91787","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Jul/92","reference_id":"92","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://seclists.org/fulldisclosure/2015/Jul/92"},{"reference_url":"http://www.securityfocus.com/bid/92012","reference_id":"92012","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.securityfocus.com/bid/92012"},{"reference_url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c","reference_id":"auth2-chall.c","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c"},{"reference_url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h","reference_id":"auth2-chall.c.diff?r1=1.42&r2=1.43&f=h","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"bulletinoct2015-2511968.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"cpujul2016-2881720.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"cpujul2018-4258247.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480","reference_id":"docDisplay?docId=emr_na-c04952480","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992","reference_id":"docDisplay?docId=emr_na-c05128992","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667","reference_id":"docDisplay?docId=emr_na-c05157667","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"},{"reference_url":"https://support.apple.com/kb/HT205031","reference_id":"HT205031","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://support.apple.com/kb/HT205031"},{"reference_url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697","reference_id":"index?page=content&id=JSA10697","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10136","reference_id":"index?page=content&id=SB10136","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10136"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10157","reference_id":"index?page=content&id=SB10157","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10157"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"linuxbulletinapr2016-2952096.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"linuxbulletinoct2015-2719645.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20151106-0001/","reference_id":"ntap-20151106-0001","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://security.netapp.com/advisory/ntap-20151106-0001/"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"ovmbulletinjul2016-3090546.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2088","reference_id":"RHSA-2015:2088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0466","reference_id":"RHSA-2016:0466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0466"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0466.html","reference_id":"RHSA-2016-0466.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0466.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"https://usn.ubuntu.com/2710-1/","reference_id":"USN-2710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2710-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2710-1","reference_id":"USN-2710-1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.ubuntu.com/usn/USN-2710-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2710-2","reference_id":"USN-2710-2","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:31:47Z/"}],"url":"http://www.ubuntu.com/usn/USN-2710-2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2015-5600"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ycf-2n8g-tyg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/186051?format=json","vulnerability_id":"VCID-amga-n7sa-zket","summary":"Multiple vulnerabilities have been found in OpenSSH, the worst of\n    which could lead to arbitrary code execution, or cause a Denial of Service\n    condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5352.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5352","reference_id":"","reference_type":"","scores":[{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.9033","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90359","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90368","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90367","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1238231","reference_id":"1238231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1238231"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790798","reference_id":"790798","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790798"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0741","reference_id":"RHSA-2016:0741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0741"},{"reference_url":"https://usn.ubuntu.com/2710-1/","reference_id":"USN-2710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2710-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2015-5352"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amga-n7sa-zket"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1710?format=json","vulnerability_id":"VCID-b8pn-bg8e-vyca","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6515.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6515.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6515","reference_id":"","reference_type":"","scores":[{"value":"0.77091","scoring_system":"epss","scoring_elements":"0.98989","published_at":"2026-06-11T12:55:00Z"},{"value":"0.77091","scoring_system":"epss","scoring_elements":"0.98993","published_at":"2026-06-13T12:55:00Z"},{"value":"0.77091","scoring_system":"epss","scoring_elements":"0.98994","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1364935","reference_id":"1364935","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1364935"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833823","reference_id":"833823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833823"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40888.py","reference_id":"CVE-2016-6515","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40888.py"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2029","reference_id":"RHSA-2017:2029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2029"},{"reference_url":"https://usn.ubuntu.com/3061-1/","reference_id":"USN-3061-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3061-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-6515"],"risk_score":9.6,"exploitability":"2.0","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8pn-bg8e-vyca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/771?format=json","vulnerability_id":"VCID-bnpz-2y49-33cy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10010.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10010.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10010","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24907","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25106","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2511","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25124","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037490","reference_id":"1037490","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"http://www.securitytracker.com/id/1037490"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406278","reference_id":"1406278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406278"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/12/19/2","reference_id":"2","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/12/19/2"},{"reference_url":"https://www.exploit-db.com/exploits/40962/","reference_id":"40962","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"https://www.exploit-db.com/exploits/40962/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848715","reference_id":"848715","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848715"},{"reference_url":"http://www.securityfocus.com/bid/94972","reference_id":"94972","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"http://www.securityfocus.com/bid/94972"},{"reference_url":"https://security.archlinux.org/ASA-201612-20","reference_id":"ASA-201612-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-20"},{"reference_url":"https://security.archlinux.org/AVG-110","reference_id":"AVG-110","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-110"},{"reference_url":"https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce","reference_id":"c76fac666ea038753294f2ac94d310f8adece9ce","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1010","reference_id":"CVE-2016-10010","reference_type":"exploit","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1010"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40962.txt","reference_id":"CVE-2016-10010","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40962.txt"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us","reference_id":"display?docLocale=en_US&docId=emr_na-hpesbux03818en_us","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us"},{"reference_url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc","reference_id":"FreeBSD-SA-17:01.openssh.asc","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171130-0002/","reference_id":"ntap-20171130-0002","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20171130-0002/"},{"reference_url":"http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html","reference_id":"OpenSSH-Local-Privilege-Escalation.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html"},{"reference_url":"https://www.openssh.com/txt/release-7.4","reference_id":"release-7.4","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"https://www.openssh.com/txt/release-7.4"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637","reference_id":"viewer.php?l=slackware-security&y=2016&m=slackware-security.647637","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/"}],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-10010"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bnpz-2y49-33cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28440?format=json","vulnerability_id":"VCID-c2p7-27z7-5ffc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35387","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19253","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19419","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19442","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19422","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35387"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132574","reference_id":"1132574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132574"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454494","reference_id":"2454494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454494"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/02/3","reference_id":"3","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/02/3"},{"reference_url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2","reference_id":"?l=openssh-unix-dev&m=177513443901484&w=2","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/"}],"url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2"},{"reference_url":"https://www.openssh.org/releasenotes.html#10.3p1","reference_id":"releasenotes.html#10.3p1","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:07:49Z/"}],"url":"https://www.openssh.org/releasenotes.html#10.3p1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12389","reference_id":"RHSA-2026:12389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13380","reference_id":"RHSA-2026:13380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13381","reference_id":"RHSA-2026:13381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13383","reference_id":"RHSA-2026:13383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16059","reference_id":"RHSA-2026:16059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19069","reference_id":"RHSA-2026:19069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19219","reference_id":"RHSA-2026:19219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21298","reference_id":"RHSA-2026:21298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21398","reference_id":"RHSA-2026:21398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21398"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22329","reference_id":"RHSA-2026:22329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22564","reference_id":"RHSA-2026:22564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22648","reference_id":"RHSA-2026:22648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25096","reference_id":"RHSA-2026:25096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25096"},{"reference_url":"https://usn.ubuntu.com/8222-1/","reference_id":"USN-8222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2026-35387"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2p7-27z7-5ffc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10116?format=json","vulnerability_id":"VCID-cm2c-arkw-audk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41617.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41617.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41617","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5111","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5124","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51253","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51241","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008291","reference_id":"2008291","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008291"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995130","reference_id":"995130","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995130"},{"reference_url":"https://security.archlinux.org/AVG-2422","reference_id":"AVG-2422","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4782","reference_id":"RHSA-2021:4782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2013","reference_id":"RHSA-2022:2013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2013"},{"reference_url":"https://usn.ubuntu.com/5666-1/","reference_id":"USN-5666-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5666-1/"},{"reference_url":"https://usn.ubuntu.com/6565-1/","reference_id":"USN-6565-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6565-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079932?format=json","purl":"pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-yje6-k29k-fkch"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3"}],"aliases":["CVE-2021-41617"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm2c-arkw-audk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3082?format=json","vulnerability_id":"VCID-d3f4-y8af-cbap","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15906.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15906","reference_id":"","reference_type":"","scores":[{"value":"0.02659","scoring_system":"epss","scoring_elements":"0.86171","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02659","scoring_system":"epss","scoring_elements":"0.86111","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02659","scoring_system":"epss","scoring_elements":"0.86161","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02659","scoring_system":"epss","scoring_elements":"0.86173","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/101552","reference_id":"101552","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"http://www.securityfocus.com/bid/101552"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506630","reference_id":"1506630","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506630"},{"reference_url":"https://security.gentoo.org/glsa/201801-05","reference_id":"201801-05","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"https://security.gentoo.org/glsa/201801-05"},{"reference_url":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19","reference_id":"a6981567e8e215acc1ef690c8dbb30f2d9b00a19","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"cpujan2020.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180423-0004/","reference_id":"ntap-20180423-0004","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180423-0004/"},{"reference_url":"https://www.openssh.com/txt/release-7.6","reference_id":"release-7.6","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"https://www.openssh.com/txt/release-7.6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0980","reference_id":"RHSA-2018:0980","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2018:0980"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:55:30Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078456?format=json","purl":"pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2"}],"aliases":["CVE-2017-15906"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3f4-y8af-cbap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/529?format=json","vulnerability_id":"VCID-dk18-vmt4-6yar","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8325.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8325","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23308","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23317","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2333","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23542","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1036487","reference_id":"1036487","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"http://www.securitytracker.com/id/1036487"},{"reference_url":"https://security.gentoo.org/glsa/201612-18","reference_id":"201612-18","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"https://security.gentoo.org/glsa/201612-18"},{"reference_url":"http://www.securityfocus.com/bid/86187","reference_id":"86187","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"http://www.securityfocus.com/bid/86187"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2015-8325","reference_id":"CVE-2015-8325","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2015-8325"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html","reference_id":"CVE-2015-8325.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8325.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3550","reference_id":"dsa-3550","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"http://www.debian.org/security/2016/dsa-3550"},{"reference_url":"https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755","reference_id":"?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180628-0001/","reference_id":"ntap-20180628-0001","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180628-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2588","reference_id":"RHSA-2016:2588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2588"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2588.html","reference_id":"RHSA-2016-2588.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2588.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0641","reference_id":"RHSA-2017:0641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0641"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0641.html","reference_id":"RHSA-2017-0641.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0641.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1328012","reference_id":"show_bug.cgi?id=1328012","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1328012"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-22T14:28:36Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"https://usn.ubuntu.com/2966-1/","reference_id":"USN-2966-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2966-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074333?format=json","purl":"pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2015-8325"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk18-vmt4-6yar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/772?format=json","vulnerability_id":"VCID-dscc-v22m-uyab","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10011.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10011.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10011","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03198","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03186","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03182","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03195","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037490","reference_id":"1037490","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"http://www.securitytracker.com/id/1037490"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406286","reference_id":"1406286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406286"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/12/19/2","reference_id":"2","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/12/19/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716","reference_id":"848716","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716"},{"reference_url":"http://www.securityfocus.com/bid/94977","reference_id":"94977","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"http://www.securityfocus.com/bid/94977"},{"reference_url":"https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9","reference_id":"ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9"},{"reference_url":"https://security.archlinux.org/ASA-201612-20","reference_id":"ASA-201612-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-20"},{"reference_url":"https://security.archlinux.org/AVG-110","reference_id":"AVG-110","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-110"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us","reference_id":"display?docLocale=en_US&docId=emr_na-hpesbux03818en_us","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171130-0002/","reference_id":"ntap-20171130-0002","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"https://security.netapp.com/advisory/ntap-20171130-0002/"},{"reference_url":"https://www.openssh.com/txt/release-7.4","reference_id":"release-7.4","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"https://www.openssh.com/txt/release-7.4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2029","reference_id":"RHSA-2017:2029","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:2029"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf","reference_id":"ssa-676336.pdf","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637","reference_id":"viewer.php?l=slackware-security&y=2016&m=slackware-security.647637","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/"}],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-10011"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dscc-v22m-uyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4862?format=json","vulnerability_id":"VCID-e2cy-pzgk-9ucu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15473","reference_id":"","reference_type":"","scores":[{"value":"0.90356","scoring_system":"epss","scoring_elements":"0.9962","published_at":"2026-06-12T12:55:00Z"},{"value":"0.90356","scoring_system":"epss","scoring_elements":"0.99621","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1041487","reference_id":"1041487","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"http://www.securitytracker.com/id/1041487"},{"reference_url":"http://www.securityfocus.com/bid/105140","reference_id":"105140","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"http://www.securityfocus.com/bid/105140"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619063","reference_id":"1619063","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619063"},{"reference_url":"https://security.gentoo.org/glsa/201810-03","reference_id":"201810-03","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://security.gentoo.org/glsa/201810-03"},{"reference_url":"https://usn.ubuntu.com/3809-1/","reference_id":"3809-1","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://usn.ubuntu.com/3809-1/"},{"reference_url":"https://www.exploit-db.com/exploits/45210/","reference_id":"45210","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://www.exploit-db.com/exploits/45210/"},{"reference_url":"https://www.exploit-db.com/exploits/45233/","reference_id":"45233","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://www.exploit-db.com/exploits/45233/"},{"reference_url":"https://www.exploit-db.com/exploits/45939/","reference_id":"45939","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://www.exploit-db.com/exploits/45939/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2018/08/15/5","reference_id":"5","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"http://www.openwall.com/lists/oss-security/2018/08/15/5"},{"reference_url":"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0","reference_id":"779974d35b4859c07bc3cb8a12c74b43b0a7d1e0","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0"},{"reference_url":"https://bugs.debian.org/906236","reference_id":"906236","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://bugs.debian.org/906236"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236","reference_id":"906236","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906236"},{"reference_url":"https://security.archlinux.org/AVG-763","reference_id":"AVG-763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-763"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"cpujan2020.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://bugfuzz.com/stuff/ssh-check-username.py","reference_id":"CVE-2018-15473","reference_type":"exploit","scores":[],"url":"https://bugfuzz.com/stuff/ssh-check-username.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45210.py","reference_id":"CVE-2018-15473","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45210.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45233.py","reference_id":"CVE-2018-15473","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45233.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45939.py","reference_id":"CVE-2018-15473","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45939.py"},{"reference_url":"https://www.debian.org/security/2018/dsa-4280","reference_id":"dsa-4280","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://www.debian.org/security/2018/dsa-4280"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181101-0001/","reference_id":"ntap-20181101-0001","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://security.netapp.com/advisory/ntap-20181101-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0711","reference_id":"RHSA-2019:0711","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2143","reference_id":"RHSA-2019:2143","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2143"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011","reference_id":"SNWLID-2018-0011","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:22:43Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1078456?format=json","purl":"pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2"}],"aliases":["CVE-2018-15473"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2cy-pzgk-9ucu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/890?format=json","vulnerability_id":"VCID-eens-u1sp-17em","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10708","reference_id":"","reference_type":"","scores":[{"value":"0.0312","scoring_system":"epss","scoring_elements":"0.87184","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0312","scoring_system":"epss","scoring_elements":"0.87178","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0312","scoring_system":"epss","scoring_elements":"0.87132","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0312","scoring_system":"epss","scoring_elements":"0.87181","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/102780","reference_id":"102780","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"http://www.securityfocus.com/bid/102780"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537929","reference_id":"1537929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537929"},{"reference_url":"https://usn.ubuntu.com/3809-1/","reference_id":"3809-1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://usn.ubuntu.com/3809-1/"},{"reference_url":"http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html","reference_id":"fuzzing-tcp-servers.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"},{"reference_url":"https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737","reference_id":"?id=28652bca29046f62c7045e933e6b931de1d16737","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284","reference_id":"index?page=content&id=SB10284","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284"},{"reference_url":"https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"K32485746?utm_source=f5support&amp%3Butm_medium=RSS","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180423-0003/","reference_id":"ntap-20180423-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180423-0003/"},{"reference_url":"https://www.openssh.com/releasenotes.html","reference_id":"releasenotes.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://www.openssh.com/releasenotes.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2029","reference_id":"RHSA-2017:2029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2029"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf","reference_id":"ssa-676336.pdf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:50:42Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-10708"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eens-u1sp-17em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/773?format=json","vulnerability_id":"VCID-ga81-2agq-dfca","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10012.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10012","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06467","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06456","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06448","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06436","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037490","reference_id":"1037490","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"http://www.securitytracker.com/id/1037490"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406293","reference_id":"1406293","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406293"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/12/19/2","reference_id":"2","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/12/19/2"},{"reference_url":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","reference_id":"3095060f479b86288e31c79ecbc5131a66bcd2f9","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717","reference_id":"848717","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717"},{"reference_url":"http://www.securityfocus.com/bid/94975","reference_id":"94975","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"http://www.securityfocus.com/bid/94975"},{"reference_url":"https://security.archlinux.org/ASA-201612-20","reference_id":"ASA-201612-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-20"},{"reference_url":"https://security.archlinux.org/AVG-110","reference_id":"AVG-110","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-110"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us","reference_id":"display?docLocale=en_US&docId=emr_na-hpesbux03818en_us","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us"},{"reference_url":"https://support.f5.com/csp/article/K62201745?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"K62201745?utm_source=f5support&amp%3Butm_medium=RSS","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"https://support.f5.com/csp/article/K62201745?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171130-0002/","reference_id":"ntap-20171130-0002","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"https://security.netapp.com/advisory/ntap-20171130-0002/"},{"reference_url":"https://www.openssh.com/txt/release-7.4","reference_id":"release-7.4","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"https://www.openssh.com/txt/release-7.4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2029","reference_id":"RHSA-2017:2029","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:2029"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637","reference_id":"viewer.php?l=slackware-security&y=2016&m=slackware-security.647637","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/"}],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-10012"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ga81-2agq-dfca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7134?format=json","vulnerability_id":"VCID-gmg1-md81-3ka6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6111.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6111","reference_id":"","reference_type":"","scores":[{"value":"0.53643","scoring_system":"epss","scoring_elements":"0.98045","published_at":"2026-06-11T12:55:00Z"},{"value":"0.53643","scoring_system":"epss","scoring_elements":"0.98052","published_at":"2026-06-12T12:55:00Z"},{"value":"0.53643","scoring_system":"epss","scoring_elements":"0.98053","published_at":"2026-06-13T12:55:00Z"},{"value":"0.54213","scoring_system":"epss","scoring_elements":"0.98076","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/18/1","reference_id":"1","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/04/18/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/08/02/1","reference_id":"1","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/08/02/1"},{"reference_url":"http://www.securityfocus.com/bid/106741","reference_id":"106741","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"http://www.securityfocus.com/bid/106741"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666127","reference_id":"1666127","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666127"},{"reference_url":"https://security.gentoo.org/glsa/201903-16","reference_id":"201903-16","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://security.gentoo.org/glsa/201903-16"},{"reference_url":"https://usn.ubuntu.com/3885-1/","reference_id":"3885-1","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://usn.ubuntu.com/3885-1/"},{"reference_url":"https://usn.ubuntu.com/3885-2/","reference_id":"3885-2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://usn.ubuntu.com/3885-2/"},{"reference_url":"https://www.exploit-db.com/exploits/46193/","reference_id":"46193","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://www.exploit-db.com/exploits/46193/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923486","reference_id":"923486","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923486"},{"reference_url":"https://security.archlinux.org/ASA-201904-11","reference_id":"ASA-201904-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-11"},{"reference_url":"https://security.archlinux.org/AVG-951","reference_id":"AVG-951","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-951"},{"reference_url":"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E","reference_id":"c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E","reference_id":"c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"cpuoct2019-5072832.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E","reference_id":"d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"},{"reference_url":"https://www.debian.org/security/2019/dsa-4387","reference_id":"dsa-4387","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://www.debian.org/security/2019/dsa-4387"},{"reference_url":"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E","reference_id":"e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"},{"reference_url":"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc","reference_id":"FreeBSD-EN-19:10.scp.asc","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html","reference_id":"msg00030.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html","reference_id":"msg00058.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190213-0001/","reference_id":"ntap-20190213-0001","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190213-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3702","reference_id":"RHSA-2019:3702","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3702"},{"reference_url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c","reference_id":"scp.c","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"},{"reference_url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt","reference_id":"scp-client-multiple-vulnerabilities.txt","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677794","reference_id":"show_bug.cgi?id=1677794","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677794"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/","reference_id":"W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:34:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1078456?format=json","purl":"pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2"}],"aliases":["CVE-2019-6111"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmg1-md81-3ka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65274?format=json","vulnerability_id":"VCID-gvwt-pjzt-dbdw","summary":"The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0778.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0778","reference_id":"","reference_type":"","scores":[{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74971","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.75041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.75054","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.75051","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778"},{"reference_url":"http://www.securitytracker.com/id/1034671","reference_id":"1034671","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.securitytracker.com/id/1034671"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298033","reference_id":"1298033","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298033"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html","reference_id":"176349.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html","reference_id":"176516.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"},{"reference_url":"https://security.gentoo.org/glsa/201601-01","reference_id":"201601-01","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://security.gentoo.org/glsa/201601-01"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Jan/44","reference_id":"44","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://seclists.org/fulldisclosure/2016/Jan/44"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/14/7","reference_id":"7","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/01/14/7"},{"reference_url":"http://www.securityfocus.com/bid/80698","reference_id":"80698","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.securityfocus.com/bid/80698"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"bulletinoct2015-2511968.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375","reference_id":"docDisplay?docId=emr_na-c05247375","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388","reference_id":"docDisplay?docId=emr_na-c05356388","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680","reference_id":"docDisplay?docId=emr_na-c05385680","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"docDisplay?docId=emr_na-c05390722","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"http://www.debian.org/security/2016/dsa-3446","reference_id":"dsa-3446","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.debian.org/security/2016/dsa-3446"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"HT206167","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://support.apple.com/HT206167"},{"reference_url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734","reference_id":"index?page=content&id=JSA10734","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"linuxbulletinjan2016-2867209.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html","reference_id":"msg00006.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"},{"reference_url":"http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html","reference_id":"Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"},{"reference_url":"http://www.openssh.com/txt/release-7.1p2","reference_id":"release-7.1p2","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.openssh.com/txt/release-7.1p2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0043","reference_id":"RHSA-2016:0043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0043"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa109","reference_id":"sa109","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://bto.bluecoat.com/security-advisory/sa109"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"http://www.securityfocus.com/archive/1/537295/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.securityfocus.com/archive/1/537295/100/0/threaded"},{"reference_url":"https://usn.ubuntu.com/2869-1/","reference_id":"USN-2869-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2869-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2869-1","reference_id":"USN-2869-1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"http://www.ubuntu.com/usn/USN-2869-1"},{"reference_url":"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/","reference_id":"utm-up2date-9-319-released","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"},{"reference_url":"https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/","reference_id":"utm-up2date-9-354-released","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:28:06Z/"}],"url":"https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074333?format=json","purl":"pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-0778"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvwt-pjzt-dbdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204322?format=json","vulnerability_id":"VCID-hds4-e8hn-rkhy","summary":"The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1907.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1907.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1907","reference_id":"","reference_type":"","scores":[{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68004","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68092","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68104","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68101","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1907"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298746","reference_id":"1298746","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298746"},{"reference_url":"https://usn.ubuntu.com/2966-1/","reference_id":"USN-2966-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2966-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-1907"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hds4-e8hn-rkhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28400?format=json","vulnerability_id":"VCID-hfvj-pb4z-67av","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3497","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.2756","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.2735","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27553","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27576","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3497"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595","reference_id":"1130595","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447085","reference_id":"2447085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447085"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/03/12/3","reference_id":"3","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/03/12/3"},{"reference_url":"https://ubuntu.com/security/CVE-2026-3497","reference_id":"CVE-2026-3497","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-12T19:04:05Z/"}],"url":"https://ubuntu.com/security/CVE-2026-3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10065","reference_id":"RHSA-2026:10065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10714","reference_id":"RHSA-2026:10714","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10714"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12071","reference_id":"RHSA-2026:12071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13750","reference_id":"RHSA-2026:13750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13750"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13812","reference_id":"RHSA-2026:13812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14773","reference_id":"RHSA-2026:14773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14924","reference_id":"RHSA-2026:14924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15087","reference_id":"RHSA-2026:15087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15891","reference_id":"RHSA-2026:15891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15893","reference_id":"RHSA-2026:15893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16008","reference_id":"RHSA-2026:16008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16009","reference_id":"RHSA-2026:16009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16030","reference_id":"RHSA-2026:16030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17596","reference_id":"RHSA-2026:17596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19724","reference_id":"RHSA-2026:19724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19725","reference_id":"RHSA-2026:19725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20040","reference_id":"RHSA-2026:20040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20087","reference_id":"RHSA-2026:20087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21690","reference_id":"RHSA-2026:21690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21695","reference_id":"RHSA-2026:21695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25096","reference_id":"RHSA-2026:25096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5475","reference_id":"RHSA-2026:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6461","reference_id":"RHSA-2026:6461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6462","reference_id":"RHSA-2026:6462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6463","reference_id":"RHSA-2026:6463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7107","reference_id":"RHSA-2026:7107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9415","reference_id":"RHSA-2026:9415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9732","reference_id":"RHSA-2026:9732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9732"},{"reference_url":"https://usn.ubuntu.com/8090-1/","reference_id":"USN-8090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8090-1/"},{"reference_url":"https://usn.ubuntu.com/8090-2/","reference_id":"USN-8090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2026-3497"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfvj-pb4z-67av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65273?format=json","vulnerability_id":"VCID-kcgk-nx2a-cqc4","summary":"The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0777","reference_id":"","reference_type":"","scores":[{"value":"0.77397","scoring_system":"epss","scoring_elements":"0.99005","published_at":"2026-06-11T12:55:00Z"},{"value":"0.77397","scoring_system":"epss","scoring_elements":"0.99009","published_at":"2026-06-13T12:55:00Z"},{"value":"0.77397","scoring_system":"epss","scoring_elements":"0.9901","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778"},{"reference_url":"http://www.securitytracker.com/id/1034671","reference_id":"1034671","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.securitytracker.com/id/1034671"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298032","reference_id":"1298032","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298032"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html","reference_id":"175592.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html","reference_id":"175676.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html","reference_id":"176349.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html","reference_id":"176516.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"},{"reference_url":"https://security.gentoo.org/glsa/201601-01","reference_id":"201601-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://security.gentoo.org/glsa/201601-01"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Jan/44","reference_id":"44","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://seclists.org/fulldisclosure/2016/Jan/44"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/14/7","reference_id":"7","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/01/14/7"},{"reference_url":"http://www.securityfocus.com/bid/80695","reference_id":"80695","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.securityfocus.com/bid/80695"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984","reference_id":"810984","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"bulletinoct2015-2511968.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375","reference_id":"docDisplay?docId=emr_na-c05247375","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388","reference_id":"docDisplay?docId=emr_na-c05356388","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680","reference_id":"docDisplay?docId=emr_na-c05385680","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"docDisplay?docId=emr_na-c05390722","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"http://www.debian.org/security/2016/dsa-3446","reference_id":"dsa-3446","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.debian.org/security/2016/dsa-3446"},{"reference_url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc","reference_id":"FreeBSD-SA-16:07.openssh.asc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"HT206167","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://support.apple.com/HT206167"},{"reference_url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734","reference_id":"index?page=content&id=JSA10734","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"linuxbulletinjan2016-2867209.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html","reference_id":"msg00006.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"},{"reference_url":"http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html","reference_id":"Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"},{"reference_url":"http://www.openssh.com/txt/release-7.1p2","reference_id":"release-7.1p2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.openssh.com/txt/release-7.1p2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0043","reference_id":"RHSA-2016:0043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0043"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa109","reference_id":"sa109","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://bto.bluecoat.com/security-advisory/sa109"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"http://www.securityfocus.com/archive/1/537295/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.securityfocus.com/archive/1/537295/100/0/threaded"},{"reference_url":"https://usn.ubuntu.com/2869-1/","reference_id":"USN-2869-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2869-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2869-1","reference_id":"USN-2869-1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"http://www.ubuntu.com/usn/USN-2869-1"},{"reference_url":"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/","reference_id":"utm-up2date-9-319-released","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"},{"reference_url":"https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/","reference_id":"utm-up2date-9-354-released","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/"}],"url":"https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074333?format=json","purl":"pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-0777"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcgk-nx2a-cqc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28438?format=json","vulnerability_id":"VCID-mbbh-g3se-2yen","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35385","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20897","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2109","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21072","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132572","reference_id":"1132572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132572"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454469","reference_id":"2454469","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454469"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/02/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/02/3"},{"reference_url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2","reference_id":"?l=openssh-unix-dev&m=177513443901484&w=2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/"}],"url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2"},{"reference_url":"https://www.openssh.org/releasenotes.html#10.3p1","reference_id":"releasenotes.html#10.3p1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:06:07Z/"}],"url":"https://www.openssh.org/releasenotes.html#10.3p1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12389","reference_id":"RHSA-2026:12389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13380","reference_id":"RHSA-2026:13380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13381","reference_id":"RHSA-2026:13381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13383","reference_id":"RHSA-2026:13383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14937","reference_id":"RHSA-2026:14937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14937"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16059","reference_id":"RHSA-2026:16059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19069","reference_id":"RHSA-2026:19069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19219","reference_id":"RHSA-2026:19219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20040","reference_id":"RHSA-2026:20040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21298","reference_id":"RHSA-2026:21298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21398","reference_id":"RHSA-2026:21398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21398"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22329","reference_id":"RHSA-2026:22329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22468","reference_id":"RHSA-2026:22468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22564","reference_id":"RHSA-2026:22564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22648","reference_id":"RHSA-2026:22648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25063","reference_id":"RHSA-2026:25063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25096","reference_id":"RHSA-2026:25096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25096"},{"reference_url":"https://usn.ubuntu.com/8222-1/","reference_id":"USN-8222-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8222-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2026-35385"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbbh-g3se-2yen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179610?format=json","vulnerability_id":"VCID-nm47-brfe-rbfu","summary":"An integer overflow in OpenSSH might allow an attacker to execute\n    arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16905.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16905","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50973","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50989","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50976","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1767966","reference_id":"1767966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1767966"},{"reference_url":"https://security.gentoo.org/glsa/201911-01","reference_id":"GLSA-201911-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079932?format=json","purl":"pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-yje6-k29k-fkch"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3"}],"aliases":["CVE-2019-16905"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nm47-brfe-rbfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9275?format=json","vulnerability_id":"VCID-payd-r87h-53cc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28041.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28041","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49268","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49405","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49423","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49411","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28041"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1935055","reference_id":"1935055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1935055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984940","reference_id":"984940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984940"},{"reference_url":"https://security.archlinux.org/ASA-202103-6","reference_id":"ASA-202103-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-6"},{"reference_url":"https://security.archlinux.org/AVG-1657","reference_id":"AVG-1657","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1657"},{"reference_url":"https://usn.ubuntu.com/4762-1/","reference_id":"USN-4762-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4762-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079932?format=json","purl":"pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-yje6-k29k-fkch"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3"}],"aliases":["CVE-2021-28041"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-payd-r87h-53cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199320?format=json","vulnerability_id":"VCID-pxgq-mjwq-bfa7","summary":"regression update","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078456?format=json","purl":"pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2"}],"aliases":["DSA-4539-2 openssh"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxgq-mjwq-bfa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23529?format=json","vulnerability_id":"VCID-rp48-23m3-h3bx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32728","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44867","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4488","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44865","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44714","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32728"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig","reference_id":"013_ssh.patch.sig","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/"}],"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig"},{"reference_url":"https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html","reference_id":"041879.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/"}],"url":"https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603","reference_id":"1102603","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102603"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358767","reference_id":"2358767","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358767"},{"reference_url":"https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367","reference_id":"fc86875e6acb36401dfc1dfb6b628a9d1460f367","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/"}],"url":"https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367"},{"reference_url":"https://www.openssh.com/txt/release-10.0","reference_id":"release-10.0","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/"}],"url":"https://www.openssh.com/txt/release-10.0"},{"reference_url":"https://www.openssh.com/txt/release-7.4","reference_id":"release-7.4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T18:35:34Z/"}],"url":"https://www.openssh.com/txt/release-7.4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20126","reference_id":"RHSA-2025:20126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20126"},{"reference_url":"https://usn.ubuntu.com/7457-1/","reference_id":"USN-7457-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7457-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2025-32728"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp48-23m3-h3bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1145?format=json","vulnerability_id":"VCID-tq7z-791w-pfgc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3115.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3115","reference_id":"","reference_type":"","scores":[{"value":"0.50367","scoring_system":"epss","scoring_elements":"0.97901","published_at":"2026-06-11T12:55:00Z"},{"value":"0.50367","scoring_system":"epss","scoring_elements":"0.97909","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1035249","reference_id":"1035249","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://www.securitytracker.com/id/1035249"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1316829","reference_id":"1316829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1316829"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html","reference_id":"178838.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html","reference_id":"179924.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html","reference_id":"180491.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html","reference_id":"183101.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html","reference_id":"183122.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html","reference_id":"184264.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html"},{"reference_url":"https://security.gentoo.org/glsa/201612-18","reference_id":"201612-18","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"https://security.gentoo.org/glsa/201612-18"},{"reference_url":"https://www.exploit-db.com/exploits/39569/","reference_id":"39569","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"https://www.exploit-db.com/exploits/39569/"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Mar/46","reference_id":"46","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://seclists.org/fulldisclosure/2016/Mar/46"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Mar/47","reference_id":"47","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://seclists.org/fulldisclosure/2016/Mar/47"},{"reference_url":"http://www.securityfocus.com/bid/84314","reference_id":"84314","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://www.securityfocus.com/bid/84314"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"bulletinapr2016-2952098.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115","reference_id":"cve-2016-3115","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"},{"reference_url":"https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115","reference_id":"CVE-2016-3115","reference_type":"exploit","scores":[],"url":"https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39569.py","reference_id":"CVE-2016-3115","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39569.py"},{"reference_url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc","reference_id":"FreeBSD-SA-16:14.openssh.asc","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"linuxbulletinapr2016-2952096.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html","reference_id":"OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"ovmbulletinjul2016-3090546.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0465","reference_id":"RHSA-2016:0465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0465"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0465.html","reference_id":"RHSA-2016-0465.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0465.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0466","reference_id":"RHSA-2016:0466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0466"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0466.html","reference_id":"RHSA-2016-0466.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0466.html"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa121","reference_id":"sa121","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"https://bto.bluecoat.com/security-advisory/sa121"},{"reference_url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c","reference_id":"session.c","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c"},{"reference_url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h","reference_id":"session.c.diff?r1=1.281&r2=1.282&f=h","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h"},{"reference_url":"https://usn.ubuntu.com/2966-1/","reference_id":"USN-2966-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2966-1/"},{"reference_url":"http://www.openssh.com/txt/x11fwd.adv","reference_id":"x11fwd.adv","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/"}],"url":"http://www.openssh.com/txt/x11fwd.adv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-3115"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tq7z-791w-pfgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/770?format=json","vulnerability_id":"VCID-vb6z-841p-53bn","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10009.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10009","reference_id":"","reference_type":"","scores":[{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.82046","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.82047","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.82055","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01579","scoring_system":"epss","scoring_elements":"0.81985","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/07/20/1","reference_id":"1","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/07/20/1"},{"reference_url":"http://www.securitytracker.com/id/1037490","reference_id":"1037490","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://www.securitytracker.com/id/1037490"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406269","reference_id":"1406269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406269"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/12/19/2","reference_id":"2","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/12/19/2"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/31","reference_id":"31","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/31"},{"reference_url":"https://usn.ubuntu.com/3538-1/","reference_id":"3538-1","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://usn.ubuntu.com/3538-1/"},{"reference_url":"https://www.exploit-db.com/exploits/40963/","reference_id":"40963","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://www.exploit-db.com/exploits/40963/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714","reference_id":"848714","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/07/19/9","reference_id":"9","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/07/19/9"},{"reference_url":"https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5","reference_id":"9476ce1dd37d3c3218d5640b74c34c65e5f4efe5","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"},{"reference_url":"http://www.securityfocus.com/bid/94968","reference_id":"94968","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://www.securityfocus.com/bid/94968"},{"reference_url":"https://security.archlinux.org/ASA-201612-20","reference_id":"ASA-201612-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-20"},{"reference_url":"https://security.archlinux.org/AVG-110","reference_id":"AVG-110","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-110"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1009","reference_id":"CVE-2016-10009","reference_type":"exploit","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1009"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40963.txt","reference_id":"CVE-2016-10009","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40963.txt"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us","reference_id":"display?docLocale=en_US&docId=emr_na-hpesbux03818en_us","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us"},{"reference_url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc","reference_id":"FreeBSD-SA-17:01.openssh.asc","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171130-0002/","reference_id":"ntap-20171130-0002","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://security.netapp.com/advisory/ntap-20171130-0002/"},{"reference_url":"http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html","reference_id":"OpenSSH-Arbitrary-Library-Loading.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html"},{"reference_url":"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html","reference_id":"OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html"},{"reference_url":"https://www.openssh.com/txt/release-7.4","reference_id":"release-7.4","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://www.openssh.com/txt/release-7.4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2029","reference_id":"RHSA-2017:2029","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:2029"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637","reference_id":"viewer.php?l=slackware-security&y=2016&m=slackware-security.647637","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/"}],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-10009"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vb6z-841p-53bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/158793?format=json","vulnerability_id":"VCID-vcqw-c3yq-byhs","summary":"Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6564.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6564.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6564","reference_id":"","reference_type":"","scores":[{"value":"0.04139","scoring_system":"epss","scoring_elements":"0.889","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04139","scoring_system":"epss","scoring_elements":"0.88937","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04139","scoring_system":"epss","scoring_elements":"0.88944","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6564"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/08/22/1","reference_id":"1","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/08/22/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252852","reference_id":"1252852","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252852"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html","reference_id":"165170.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html"},{"reference_url":"https://security.gentoo.org/glsa/201512-04","reference_id":"201512-04","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"https://security.gentoo.org/glsa/201512-04"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Aug/54","reference_id":"54","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://seclists.org/fulldisclosure/2015/Aug/54"},{"reference_url":"https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7","reference_id":"5e75f5198769056089fb06c4d738ab0e5abc66f7","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7"},{"reference_url":"http://www.securityfocus.com/bid/76317","reference_id":"76317","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://www.securityfocus.com/bid/76317"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711","reference_id":"795711","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711"},{"reference_url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764","reference_id":"brocade-security-advisory-2019-764","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","reference_id":"bulletinjan2016-2867206.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10136","reference_id":"index?page=content&id=SB10136","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10136"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"linuxbulletinapr2016-2952096.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"linuxbulletinoct2015-2719645.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"},{"reference_url":"http://www.openssh.com/txt/release-7.0","reference_id":"release-7.0","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://www.openssh.com/txt/release-7.0"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2088","reference_id":"RHSA-2015:2088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0741","reference_id":"RHSA-2016:0741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0741"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0741.html","reference_id":"RHSA-2016-0741.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-0741.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2015-6564"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcqw-c3yq-byhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1646?format=json","vulnerability_id":"VCID-vfn3-y9yg-3yc7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6210.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6210","reference_id":"","reference_type":"","scores":[{"value":"0.90046","scoring_system":"epss","scoring_elements":"0.99602","published_at":"2026-06-11T12:55:00Z"},{"value":"0.90046","scoring_system":"epss","scoring_elements":"0.99603","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1036319","reference_id":"1036319","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"http://www.securitytracker.com/id/1036319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1357442","reference_id":"1357442","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1357442"},{"reference_url":"https://security.gentoo.org/glsa/201612-18","reference_id":"201612-18","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"https://security.gentoo.org/glsa/201612-18"},{"reference_url":"https://www.exploit-db.com/exploits/40113/","reference_id":"40113","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"https://www.exploit-db.com/exploits/40113/"},{"reference_url":"https://www.exploit-db.com/exploits/40136/","reference_id":"40136","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"https://www.exploit-db.com/exploits/40136/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902","reference_id":"831902","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831902"},{"reference_url":"http://www.securityfocus.com/bid/91812","reference_id":"91812","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"http://www.securityfocus.com/bid/91812"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Jul/51","reference_id":"CVE-2016-6210","reference_type":"exploit","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"http://seclists.org/fulldisclosure/2016/Jul/51"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40113.txt","reference_id":"CVE-2016-6210","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40113.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40136.py","reference_id":"CVE-2016-6210","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40136.py"},{"reference_url":"http://www.debian.org/security/2016/dsa-3626","reference_id":"dsa-3626","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"http://www.debian.org/security/2016/dsa-3626"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190206-0001/","reference_id":"ntap-20190206-0001","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190206-0001/"},{"reference_url":"https://www.openssh.com/txt/release-7.3","reference_id":"release-7.3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"https://www.openssh.com/txt/release-7.3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2029","reference_id":"RHSA-2017:2029","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:2029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2563","reference_id":"RHSA-2017:2563","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:2563"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:17:34Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"https://usn.ubuntu.com/3061-1/","reference_id":"USN-3061-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3061-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074333?format=json","purl":"pkg:deb/debian/openssh@1:6.7p1-5%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.7p1-5%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"}],"aliases":["CVE-2016-6210"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfn3-y9yg-3yc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16152?format=json","vulnerability_id":"VCID-xsrv-ne3r-37ej","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51385","reference_id":"","reference_type":"","scores":[{"value":"0.17234","scoring_system":"epss","scoring_elements":"0.95175","published_at":"2026-06-11T12:55:00Z"},{"value":"0.18499","scoring_system":"epss","scoring_elements":"0.95414","published_at":"2026-06-13T12:55:00Z"},{"value":"0.18499","scoring_system":"epss","scoring_elements":"0.95409","published_at":"2026-06-12T12:55:00Z"},{"value":"0.18499","scoring_system":"epss","scoring_elements":"0.95415","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/18/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/18/2"},{"reference_url":"https://security.gentoo.org/glsa/202312-17","reference_id":"202312-17","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://security.gentoo.org/glsa/202312-17"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Mar/21","reference_id":"21","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Mar/21"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255271","reference_id":"2255271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255271"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/26/4","reference_id":"4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/26/4"},{"reference_url":"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a","reference_id":"7ef3787c84b6b524501211b11a26c742f829af1a","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a"},{"reference_url":"https://www.debian.org/security/2023/dsa-5586","reference_id":"dsa-5586","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://www.debian.org/security/2023/dsa-5586"},{"reference_url":"https://support.apple.com/kb/HT214084","reference_id":"HT214084","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://support.apple.com/kb/HT214084"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0005/","reference_id":"ntap-20240105-0005","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240105-0005/"},{"reference_url":"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html","reference_id":"openssh-proxycommand-libssh-rce.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html"},{"reference_url":"https://www.openssh.com/txt/release-9.6","reference_id":"release-9.6","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:20:00Z/"}],"url":"https://www.openssh.com/txt/release-9.6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0429","reference_id":"RHSA-2024:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0455","reference_id":"RHSA-2024:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0594","reference_id":"RHSA-2024:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0606","reference_id":"RHSA-2024:0606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1130","reference_id":"RHSA-2024:1130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1790","reference_id":"RHSA-2026:1790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22329","reference_id":"RHSA-2026:22329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22329"},{"reference_url":"https://usn.ubuntu.com/6560-2/","reference_id":"USN-6560-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-2/"},{"reference_url":"https://usn.ubuntu.com/6560-3/","reference_id":"USN-6560-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-3/"},{"reference_url":"https://usn.ubuntu.com/6565-1/","reference_id":"USN-6565-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6565-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079932?format=json","purl":"pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-yje6-k29k-fkch"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3"}],"aliases":["CVE-2023-51385"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsrv-ne3r-37ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25795?format=json","vulnerability_id":"VCID-z7bz-947q-jkgt","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61985.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61985","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19395","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19564","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19588","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19568","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61985"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.openwall.com/lists/oss-security/2025/10/06/1","reference_id":"1","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/"}],"url":"https://www.openwall.com/lists/oss-security/2025/10/06/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530","reference_id":"1117530","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401962","reference_id":"2401962","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401962"},{"reference_url":"https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2","reference_id":"?l=openssh-unix-dev&m=175974522032149&w=2","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/"}],"url":"https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2"},{"reference_url":"https://www.openssh.com/releasenotes.html#10.1p1","reference_id":"releasenotes.html#10.1p1","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T18:33:49Z/"}],"url":"https://www.openssh.com/releasenotes.html#10.1p1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23479","reference_id":"RHSA-2025:23479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23480","reference_id":"RHSA-2025:23480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23481","reference_id":"RHSA-2025:23481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0685","reference_id":"RHSA-2026:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0693","reference_id":"RHSA-2026:0693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0976","reference_id":"RHSA-2026:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1678","reference_id":"RHSA-2026:1678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1790","reference_id":"RHSA-2026:1790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1815","reference_id":"RHSA-2026:1815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1858","reference_id":"RHSA-2026:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5475","reference_id":"RHSA-2026:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5475"},{"reference_url":"https://usn.ubuntu.com/8090-1/","reference_id":"USN-8090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8090-1/"},{"reference_url":"https://usn.ubuntu.com/8090-2/","reference_id":"USN-8090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079933?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7"}],"aliases":["CVE-2025-61985"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7bz-947q-jkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7132?format=json","vulnerability_id":"VCID-z8hs-nkmn-dfcs","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6109.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6109.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6109","reference_id":"","reference_type":"","scores":[{"value":"0.09738","scoring_system":"epss","scoring_elements":"0.93139","published_at":"2026-06-12T12:55:00Z"},{"value":"0.09738","scoring_system":"epss","scoring_elements":"0.93117","published_at":"2026-06-11T12:55:00Z"},{"value":"0.09738","scoring_system":"epss","scoring_elements":"0.9314","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666119","reference_id":"1666119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666119"},{"reference_url":"https://security.gentoo.org/glsa/201903-16","reference_id":"201903-16","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://security.gentoo.org/glsa/201903-16"},{"reference_url":"https://usn.ubuntu.com/3885-1/","reference_id":"3885-1","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://usn.ubuntu.com/3885-1/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793412","reference_id":"793412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793412"},{"reference_url":"https://security.archlinux.org/ASA-201904-11","reference_id":"ASA-201904-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-11"},{"reference_url":"https://security.archlinux.org/AVG-951","reference_id":"AVG-951","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-951"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"cpuoct2019-5072832.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4387","reference_id":"dsa-4387","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://www.debian.org/security/2019/dsa-4387"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html","reference_id":"msg00030.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html","reference_id":"msg00058.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190213-0001/","reference_id":"ntap-20190213-0001","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190213-0001/"},{"reference_url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c","reference_id":"progressmeter.c","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3702","reference_id":"RHSA-2019:3702","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3702"},{"reference_url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c","reference_id":"scp.c","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"},{"reference_url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt","reference_id":"scp-client-multiple-vulnerabilities.txt","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"ssa-412672.pdf","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/","reference_id":"W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:13:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076695?format=json","purl":"pkg:deb/debian/openssh@1:7.4p1-10%2Bdeb9u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.4p1-10%252Bdeb9u7"},{"url":"http://public2.vulnerablecode.io/api/packages/1078456?format=json","purl":"pkg:deb/debian/openssh@1:7.9p1-10%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:7.9p1-10%252Bdeb10u2"}],"aliases":["CVE-2019-6109"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8hs-nkmn-dfcs"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111617?format=json","vulnerability_id":"VCID-67qq-6dzp-d7ck","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2653.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2653","reference_id":"","reference_type":"","scores":[{"value":"0.02148","scoring_system":"epss","scoring_elements":"0.84607","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02148","scoring_system":"epss","scoring_elements":"0.84663","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02148","scoring_system":"epss","scoring_elements":"0.8467","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02148","scoring_system":"epss","scoring_elements":"0.8466","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1081338","reference_id":"1081338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1081338"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html","reference_id":"133537.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html","reference_id":"134026.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"},{"reference_url":"http://secunia.com/advisories/59855","reference_id":"59855","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://secunia.com/advisories/59855"},{"reference_url":"http://www.securityfocus.com/bid/66459","reference_id":"66459","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://www.securityfocus.com/bid/66459"},{"reference_url":"http://openwall.com/lists/oss-security/2014/03/26/7","reference_id":"7","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://openwall.com/lists/oss-security/2014/03/26/7"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068","reference_id":"advisories?name=MDVSA-2014:068","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095","reference_id":"advisories?name=MDVSA-2015:095","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513","reference_id":"bugreport.cgi?bug=742513","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"bulletinoct2015-2511968.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.debian.org/security/2014/dsa-2894","reference_id":"dsa-2894","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://www.debian.org/security/2014/dsa-2894"},{"reference_url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2","reference_id":"?l=bugtraq&m=141576985122836&w=2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2"},{"reference_url":"http://advisories.mageia.org/MGASA-2014-0166.html","reference_id":"MGASA-2014-0166.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://advisories.mageia.org/MGASA-2014-0166.html"},{"reference_url":"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc","reference_id":"openssh_advisory4.asc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1552","reference_id":"RHSA-2014:1552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1552"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1552.html","reference_id":"RHSA-2014-1552.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1552.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0425","reference_id":"RHSA-2015:0425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0425"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0425.html","reference_id":"RHSA-2015-0425.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0425.html"},{"reference_url":"https://usn.ubuntu.com/2164-1/","reference_id":"USN-2164-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2164-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2164-1","reference_id":"USN-2164-1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:42:46Z/"}],"url":"http://www.ubuntu.com/usn/USN-2164-1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072298?format=json","purl":"pkg:deb/debian/openssh@1:6.0p1-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-67qq-6dzp-d7ck"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-aws5-8ugp-f3cb"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-yujg-r2qc-n7br"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.0p1-4%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1074331?format=json","purl":"pkg:deb/debian/openssh@1:6.6p1-4~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.6p1-4~bpo70%252B1"}],"aliases":["CVE-2014-2653"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67qq-6dzp-d7ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199?format=json","vulnerability_id":"VCID-aws5-8ugp-f3cb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2532.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2532.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2532","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2815","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27952","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28163","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28174","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1029925","reference_id":"1029925","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.securitytracker.com/id/1029925"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077843","reference_id":"1077843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077843"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html","reference_id":"133537.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html","reference_id":"134026.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"},{"reference_url":"http://secunia.com/advisories/57488","reference_id":"57488","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://secunia.com/advisories/57488"},{"reference_url":"http://secunia.com/advisories/57574","reference_id":"57574","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://secunia.com/advisories/57574"},{"reference_url":"http://secunia.com/advisories/59313","reference_id":"59313","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://secunia.com/advisories/59313"},{"reference_url":"http://secunia.com/advisories/59855","reference_id":"59855","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://secunia.com/advisories/59855"},{"reference_url":"http://www.securityfocus.com/bid/66355","reference_id":"66355","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.securityfocus.com/bid/66355"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91986","reference_id":"91986","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91986"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068","reference_id":"advisories?name=MDVSA-2014:068","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095","reference_id":"advisories?name=MDVSA-2015:095","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","reference_id":"cpuapr2016v3-2985753.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"cpujul2018-4258247.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"cpuoct2016-2881722.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.debian.org/security/2014/dsa-2894","reference_id":"dsa-2894","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.debian.org/security/2014/dsa-2894"},{"reference_url":"https://security.gentoo.org/glsa/201405-06","reference_id":"GLSA-201405-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-06"},{"reference_url":"https://support.apple.com/HT205267","reference_id":"HT205267","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"https://support.apple.com/HT205267"},{"reference_url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2","reference_id":"?l=bugtraq&m=141576985122836&w=2","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://marc.info/?l=bugtraq&m=141576985122836&w=2"},{"reference_url":"http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2","reference_id":"?l=openbsd-security-announce&m=139492048027313&w=2","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2"},{"reference_url":"http://advisories.mageia.org/MGASA-2014-0143.html","reference_id":"MGASA-2014-0143.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://advisories.mageia.org/MGASA-2014-0143.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"},{"reference_url":"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc","reference_id":"openssh_advisory4.asc","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1552","reference_id":"RHSA-2014:1552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1552"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1552.html","reference_id":"RHSA-2014-1552.html","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1552.html"},{"reference_url":"https://usn.ubuntu.com/2155-1/","reference_id":"USN-2155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2155-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2155-1","reference_id":"USN-2155-1","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:40:36Z/"}],"url":"http://www.ubuntu.com/usn/USN-2155-1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072298?format=json","purl":"pkg:deb/debian/openssh@1:6.0p1-4%2Bdeb7u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-67qq-6dzp-d7ck"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-aws5-8ugp-f3cb"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-yujg-r2qc-n7br"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.0p1-4%252Bdeb7u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1074331?format=json","purl":"pkg:deb/debian/openssh@1:6.6p1-4~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.6p1-4~bpo70%252B1"}],"aliases":["CVE-2014-2532"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aws5-8ugp-f3cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202971?format=json","vulnerability_id":"VCID-yujg-r2qc-n7br","summary":"The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4548.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4548.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4548","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54191","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54316","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54335","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.5432","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1028418","reference_id":"1028418","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1028418"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729029","reference_id":"729029","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729029"},{"reference_url":"https://usn.ubuntu.com/2014-1/","reference_id":"USN-2014-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2014-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1074331?format=json","purl":"pkg:deb/debian/openssh@1:6.6p1-4~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-124c-8gmd-xfb7"},{"vulnerability":"VCID-1k3j-b43t-ckgx"},{"vulnerability":"VCID-29b1-zcfn-1be6"},{"vulnerability":"VCID-358j-tvz2-dbau"},{"vulnerability":"VCID-3ky7-2mqj-q7gh"},{"vulnerability":"VCID-3rbw-3649-xkgw"},{"vulnerability":"VCID-51qb-g51q-b3fd"},{"vulnerability":"VCID-59xb-y4z9-pbfp"},{"vulnerability":"VCID-6c6q-52re-zqdc"},{"vulnerability":"VCID-6ft3-n7d1-53h3"},{"vulnerability":"VCID-8mhg-d4md-sbd7"},{"vulnerability":"VCID-98ft-mftn-mfcu"},{"vulnerability":"VCID-9ycf-2n8g-tyg6"},{"vulnerability":"VCID-amga-n7sa-zket"},{"vulnerability":"VCID-b8pn-bg8e-vyca"},{"vulnerability":"VCID-bnpz-2y49-33cy"},{"vulnerability":"VCID-c2p7-27z7-5ffc"},{"vulnerability":"VCID-cm2c-arkw-audk"},{"vulnerability":"VCID-d3f4-y8af-cbap"},{"vulnerability":"VCID-dk18-vmt4-6yar"},{"vulnerability":"VCID-dscc-v22m-uyab"},{"vulnerability":"VCID-e2cy-pzgk-9ucu"},{"vulnerability":"VCID-eens-u1sp-17em"},{"vulnerability":"VCID-ga81-2agq-dfca"},{"vulnerability":"VCID-gmg1-md81-3ka6"},{"vulnerability":"VCID-gvwt-pjzt-dbdw"},{"vulnerability":"VCID-hds4-e8hn-rkhy"},{"vulnerability":"VCID-hfvj-pb4z-67av"},{"vulnerability":"VCID-kcgk-nx2a-cqc4"},{"vulnerability":"VCID-mbbh-g3se-2yen"},{"vulnerability":"VCID-nm47-brfe-rbfu"},{"vulnerability":"VCID-payd-r87h-53cc"},{"vulnerability":"VCID-pxgq-mjwq-bfa7"},{"vulnerability":"VCID-rp48-23m3-h3bx"},{"vulnerability":"VCID-tq7z-791w-pfgc"},{"vulnerability":"VCID-vb6z-841p-53bn"},{"vulnerability":"VCID-vcqw-c3yq-byhs"},{"vulnerability":"VCID-vfn3-y9yg-3yc7"},{"vulnerability":"VCID-xsrv-ne3r-37ej"},{"vulnerability":"VCID-z7bz-947q-jkgt"},{"vulnerability":"VCID-z8hs-nkmn-dfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.6p1-4~bpo70%252B1"}],"aliases":["CVE-2013-4548"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yujg-r2qc-n7br"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:6.6p1-4~bpo70%252B1"}