{"url":"http://public2.vulnerablecode.io/api/packages/1080331?format=json","purl":"pkg:deb/debian/nfs-utils@1:1.1.2-6lenny2","type":"deb","namespace":"debian","name":"nfs-utils","version":"1:1.1.2-6lenny2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:2.9.1-1","latest_non_vulnerable_version":"1:2.9.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182318?format=json","vulnerability_id":"VCID-2a2r-uxh7-v3h4","summary":"A vulnerability in nfs-utils might allow remote attackers to gain\n    access to restricted information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1923.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1923.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1923","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60802","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60908","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60918","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60915","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1923"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707401","reference_id":"707401","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=948072","reference_id":"948072","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=948072"},{"reference_url":"https://security.gentoo.org/glsa/201412-02","reference_id":"GLSA-201412-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1080335?format=json","purl":"pkg:deb/debian/nfs-utils@1:1.2.8-9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ywtf-va5u-p7cx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nfs-utils@1:1.2.8-9"}],"aliases":["CVE-2013-1923"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a2r-uxh7-v3h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201951?format=json","vulnerability_id":"VCID-6tsg-mugx-2fg5","summary":"The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1749.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1749","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37018","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37195","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37221","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37206","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1749"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629420","reference_id":"629420","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629420"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=697975","reference_id":"697975","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=697975"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1534","reference_id":"RHSA-2011:1534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0310","reference_id":"RHSA-2012:0310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0310"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1080334?format=json","purl":"pkg:deb/debian/nfs-utils@1:1.2.6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a2r-uxh7-v3h4"},{"vulnerability":"VCID-ywtf-va5u-p7cx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nfs-utils@1:1.2.6-4"}],"aliases":["CVE-2011-1749"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tsg-mugx-2fg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180913?format=json","vulnerability_id":"VCID-aa2k-rkxz-7bgj","summary":"An error in nfs-utils allows for bypass of the netgroups restriction.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4552.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4552.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4552","reference_id":"","reference_type":"","scores":[{"value":"0.01355","scoring_system":"epss","scoring_elements":"0.80532","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01355","scoring_system":"epss","scoring_elements":"0.80593","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01355","scoring_system":"epss","scoring_elements":"0.80604","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01355","scoring_system":"epss","scoring_elements":"0.80596","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=458676","reference_id":"458676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=458676"},{"reference_url":"https://security.gentoo.org/glsa/200903-06","reference_id":"GLSA-200903-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200903-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1321","reference_id":"RHSA-2009:1321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1321"},{"reference_url":"https://usn.ubuntu.com/687-1/","reference_id":"USN-687-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/687-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1080332?format=json","purl":"pkg:deb/debian/nfs-utils@1:1.2.2-4squeeze2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a2r-uxh7-v3h4"},{"vulnerability":"VCID-6tsg-mugx-2fg5"},{"vulnerability":"VCID-v8n2-m3vp-x3ft"},{"vulnerability":"VCID-ywtf-va5u-p7cx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nfs-utils@1:1.2.2-4squeeze2"}],"aliases":["CVE-2008-4552"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aa2k-rkxz-7bgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201998?format=json","vulnerability_id":"VCID-v8n2-m3vp-x3ft","summary":"The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2500.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2500","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70617","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70631","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70627","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2500"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633155","reference_id":"633155","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633155"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=716949","reference_id":"716949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=716949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1534","reference_id":"RHSA-2011:1534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1080334?format=json","purl":"pkg:deb/debian/nfs-utils@1:1.2.6-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2a2r-uxh7-v3h4"},{"vulnerability":"VCID-ywtf-va5u-p7cx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nfs-utils@1:1.2.6-4"}],"aliases":["CVE-2011-2500"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8n2-m3vp-x3ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7039?format=json","vulnerability_id":"VCID-ywtf-va5u-p7cx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3689.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3689","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56805","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56926","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.5694","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56931","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850194","reference_id":"1850194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850194"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940848","reference_id":"940848","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940848"},{"reference_url":"https://usn.ubuntu.com/4400-1/","reference_id":"USN-4400-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4400-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078444?format=json","purl":"pkg:deb/debian/nfs-utils@1:1.3.4-6%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wyq5-9q5y-z3cn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nfs-utils@1:1.3.4-6%252Bdeb11u1"}],"aliases":["CVE-2019-3689"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywtf-va5u-p7cx"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nfs-utils@1:1.1.2-6lenny2"}