{"url":"http://public2.vulnerablecode.io/api/packages/108326?format=json","purl":"pkg:rpm/redhat/libxml2@2.9.1-6.el7?arch=4","type":"rpm","namespace":"redhat","name":"libxml2","version":"2.9.1-6.el7","qualifiers":{"arch":"4"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7205?format=json","vulnerability_id":"VCID-3s4n-twju-b3dw","summary":"Uncontrolled Resource Consumption\nThe xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8035.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8035","reference_id":"","reference_type":"","scores":[{"value":"0.01006","scoring_system":"epss","scoring_elements":"0.77251","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01006","scoring_system":"epss","scoring_elements":"0.77203","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01051","scoring_system":"epss","scoring_elements":"0.77678","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01051","scoring_system":"epss","scoring_elements":"0.77649","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01051","scoring_system":"epss","scoring_elements":"0.7764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01051","scoring_system":"epss","scoring_elements":"0.77697","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0108","scoring_system":"epss","scoring_elements":"0.77787","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0108","scoring_system":"epss","scoring_elements":"0.77793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0108","scoring_system":"epss","scoring_elements":"0.77821","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78079","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78114","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78108","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78141","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78147","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.781","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78073","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78069","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01311","scoring_system":"epss","scoring_elements":"0.79937","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8035"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=757466","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=757466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"},{"reference_url":"https://support.apple.com/HT206166","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206166"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206167"},{"reference_url":"https://support.apple.com/HT206168","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206168"},{"reference_url":"https://support.apple.com/HT206169","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206169"},{"reference_url":"http://www.debian.org/security/2015/dsa-3430","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3430"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/02/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/11/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/02/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/11/02/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/11/03/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/11/03/1"},{"reference_url":"http://www.securityfocus.com/bid/77390","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77390"},{"reference_url":"http://www.securitytracker.com/id/1034243","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034243"},{"reference_url":"http://www.ubuntu.com/usn/USN-2812-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2812-1"},{"reference_url":"http://xmlsoft.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://xmlsoft.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277146","reference_id":"1277146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277146"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803942","reference_id":"803942","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803942"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8035","reference_id":"CVE-2015-8035","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8035"},{"reference_url":"https://security.gentoo.org/glsa/201701-37","reference_id":"GLSA-201701-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1089","reference_id":"RHSA-2016:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"},{"reference_url":"https://usn.ubuntu.com/2812-1/","reference_id":"USN-2812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2812-1/"}],"fixed_packages":[],"aliases":["CVE-2015-8035"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3s4n-twju-b3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7463?format=json","vulnerability_id":"VCID-9q49-2srz-rkg7","summary":"Use After Free\nUse-after-free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.","references":[{"reference_url":"http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1485.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1485.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5131","reference_id":"","reference_type":"","scores":[{"value":"0.0369","scoring_system":"epss","scoring_elements":"0.87985","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0369","scoring_system":"epss","scoring_elements":"0.88","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0369","scoring_system":"epss","scoring_elements":"0.88017","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0369","scoring_system":"epss","scoring_elements":"0.88014","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0369","scoring_system":"epss","scoring_elements":"0.88027","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0369","scoring_system":"epss","scoring_elements":"0.88057","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0369","scoring_system":"epss","scoring_elements":"0.87974","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88239","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88198","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88217","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88223","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88234","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88227","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88226","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.8824","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88258","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03868","scoring_system":"epss","scoring_elements":"0.88263","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03971","scoring_system":"epss","scoring_elements":"0.88338","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03971","scoring_system":"epss","scoring_elements":"0.8833","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03971","scoring_system":"epss","scoring_elements":"0.88352","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5131"},{"reference_url":"https://codereview.chromium.org/2127493002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://codereview.chromium.org/2127493002"},{"reference_url":"https://crbug.com/623378","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://crbug.com/623378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://source.android.com/security/bulletin/2017-05-01","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://source.android.com/security/bulletin/2017-05-01"},{"reference_url":"https://support.apple.com/HT207141","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://support.apple.com/HT207141"},{"reference_url":"https://support.apple.com/HT207142","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://support.apple.com/HT207142"},{"reference_url":"https://support.apple.com/HT207143","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://support.apple.com/HT207143"},{"reference_url":"https://support.apple.com/HT207170","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://support.apple.com/HT207170"},{"reference_url":"http://www.debian.org/security/2016/dsa-3637","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://www.debian.org/security/2016/dsa-3637"},{"reference_url":"http://www.securityfocus.com/bid/92053","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://www.securityfocus.com/bid/92053"},{"reference_url":"http://www.securitytracker.com/id/1036428","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://www.securitytracker.com/id/1036428"},{"reference_url":"http://www.securitytracker.com/id/1038623","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://www.securitytracker.com/id/1038623"},{"reference_url":"http://www.ubuntu.com/usn/USN-3041-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"http://www.ubuntu.com/usn/USN-3041-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358641","reference_id":"1358641","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358641"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554","reference_id":"840554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554"},{"reference_url":"https://security.archlinux.org/ASA-201611-2","reference_id":"ASA-201611-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-2"},{"reference_url":"https://security.archlinux.org/AVG-56","reference_id":"AVG-56","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-56"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5131","reference_id":"CVE-2016-5131","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5131"},{"reference_url":"https://security.gentoo.org/glsa/201610-09","reference_id":"GLSA-201610-09","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://security.gentoo.org/glsa/201610-09"},{"reference_url":"https://security.gentoo.org/glsa/201701-37","reference_id":"GLSA-201701-37","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/"}],"url":"https://security.gentoo.org/glsa/201701-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1485","reference_id":"RHSA-2016:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"},{"reference_url":"https://usn.ubuntu.com/3041-1/","reference_id":"USN-3041-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3041-1/"},{"reference_url":"https://usn.ubuntu.com/3235-1/","reference_id":"USN-3235-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3235-1/"}],"fixed_packages":[],"aliases":["CVE-2016-5131"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9q49-2srz-rkg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9630?format=json","vulnerability_id":"VCID-bejh-22y7-kuh6","summary":"NULL Pointer Dereference\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1543","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1543"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14404","reference_id":"","reference_type":"","scores":[{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.95218","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.9522","published_at":"2026-04-04T12:55:00Z"},{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.95206","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95486","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95535","published_at":"2026-05-14T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95521","published_at":"2026-05-12T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95516","published_at":"2026-05-11T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.9551","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95504","published_at":"2026-05-07T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95499","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95489","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95488","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95483","published_at":"2026-04-18T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95478","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95468","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95464","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95454","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14404"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595985","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1785","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1785"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/issues/10","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/issues/10"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190719-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0002/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190719-0002/"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://usn.ubuntu.com/3739-2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14404","reference_id":"CVE-2018-14404","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14404"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml","reference_id":"CVE-2018-14404.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml"},{"reference_url":"https://github.com/advisories/GHSA-6qvp-r6r3-9p7h","reference_id":"GHSA-6qvp-r6r3-9p7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qvp-r6r3-9p7h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1827","reference_id":"RHSA-2020:1827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1827"},{"reference_url":"https://usn.ubuntu.com/3739-2/","reference_id":"USN-3739-2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://usn.ubuntu.com/3739-2/"}],"fixed_packages":[],"aliases":["CVE-2018-14404","GHSA-6qvp-r6r3-9p7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9765?format=json","vulnerability_id":"VCID-t53m-6vvr-27cf","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nlibxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14567","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71451","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71459","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71449","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71501","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71524","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.7149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71536","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71541","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.7152","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71571","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71578","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71583","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71569","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71604","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71605","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71635","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71691","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619875","reference_id":"1619875","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619875"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14567","reference_id":"CVE-2018-14567","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[],"aliases":["CVE-2018-14567"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9793?format=json","vulnerability_id":"VCID-tn87-vke6-kuf6","summary":"Use After Free\nUse after free in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3401","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0287","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0287"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15412","reference_id":"","reference_type":"","scores":[{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83191","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83187","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83223","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83224","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83227","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83258","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.8325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83149","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83174","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83181","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01943","scoring_system":"epss","scoring_elements":"0.83398","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01943","scoring_system":"epss","scoring_elements":"0.8337","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01943","scoring_system":"epss","scoring_elements":"0.83383","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84511","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84527","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84466","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84485","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0248","scoring_system":"epss","scoring_elements":"0.85393","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02535","scoring_system":"epss","scoring_elements":"0.85611","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02535","scoring_system":"epss","scoring_elements":"0.85574","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15412"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=783160","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=783160"},{"reference_url":"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"},{"reference_url":"https://crbug.com/727039","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://crbug.com/727039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1714","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1714"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html"},{"reference_url":"https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348"},{"reference_url":"https://www.debian.org/security/2018/dsa-4086","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4086"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523128","reference_id":"1523128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523128"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790","reference_id":"883790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790"},{"reference_url":"https://security.archlinux.org/ASA-201712-5","reference_id":"ASA-201712-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-5"},{"reference_url":"https://security.archlinux.org/AVG-544","reference_id":"AVG-544","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-544"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15412","reference_id":"CVE-2017-15412","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15412"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html","reference_id":"CVE-2017-15412.HTML","reference_type":"","scores":[],"url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html"},{"reference_url":"https://github.com/advisories/GHSA-r58r-74gx-6wx3","reference_id":"GHSA-r58r-74gx-6wx3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r58r-74gx-6wx3"},{"reference_url":"https://security.gentoo.org/glsa/201801-03","reference_id":"GLSA-201801-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201801-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"},{"reference_url":"https://usn.ubuntu.com/3513-1/","reference_id":"USN-3513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3513-1/"},{"reference_url":"https://usn.ubuntu.com/3513-2/","reference_id":"USN-3513-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3513-2/"}],"fixed_packages":[],"aliases":["CVE-2017-15412","GHSA-r58r-74gx-6wx3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn87-vke6-kuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8947?format=json","vulnerability_id":"VCID-wc4g-sxyq-ubcd","summary":"Allocation of Resources Without Limits or Throttling\nThe xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18258","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.69739","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71675","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71641","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71606","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.7162","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73914","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73824","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73833","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73898","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.7388","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73872","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73922","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73949","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73958","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00898","scoring_system":"epss","scoring_elements":"0.75837","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00898","scoring_system":"epss","scoring_elements":"0.75784","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190719-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190719-0001/"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566749","reference_id":"1566749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566749"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245","reference_id":"895245","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245"},{"reference_url":"https://security.archlinux.org/AVG-671","reference_id":"AVG-671","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-671"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18258","reference_id":"CVE-2017-18258","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18258"},{"reference_url":"https://github.com/advisories/GHSA-882p-jqgm-f45g","reference_id":"GHSA-882p-jqgm-f45g","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-882p-jqgm-f45g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[],"aliases":["CVE-2017-18258","GHSA-882p-jqgm-f45g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libxml2@2.9.1-6.el7%3Farch=4"}