{"url":"http://public2.vulnerablecode.io/api/packages/115282?format=json","purl":"pkg:rpm/redhat/rubygem-tilt@1.3.3-18?arch=el6sat","type":"rpm","namespace":"redhat","name":"rubygem-tilt","version":"1.3.3-18","qualifiers":{"arch":"el6sat"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85737?format=json","vulnerability_id":"VCID-1yu9-avtx-cybv","summary":"foreman: API not scoping resources to taxonomies","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1844","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49444","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49473","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49499","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49452","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49507","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49503","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4952","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49491","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49494","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1844"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207589","reference_id":"1207589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207589"}],"fixed_packages":[],"aliases":["CVE-2015-1844"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1yu9-avtx-cybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85693?format=json","vulnerability_id":"VCID-7f1h-1fw8-k7c4","summary":"foreman: the _session_id cookie is issued without the Secure flag","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3155","reference_id":"","reference_type":"","scores":[{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68193","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68214","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68209","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68259","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68275","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68254","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3155"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216035","reference_id":"1216035","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216035"}],"fixed_packages":[],"aliases":["CVE-2015-3155"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7f1h-1fw8-k7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86129?format=json","vulnerability_id":"VCID-8wen-twwa-8khm","summary":"foreman: cross-site scripting (XSS) flaw in template preview screen","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3653","reference_id":"","reference_type":"","scores":[{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59891","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59968","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59993","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60013","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60026","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60032","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60014","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145398","reference_id":"1145398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145398"}],"fixed_packages":[],"aliases":["CVE-2014-3653"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wen-twwa-8khm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85234?format=json","vulnerability_id":"VCID-b9ad-t22m-9ya8","summary":"pulp: Insecure temporary file used when generating certificate for Pulp Nodes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3108","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12489","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12635","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12443","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12524","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12575","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12543","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12505","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12465","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325934","reference_id":"1325934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325934"}],"fixed_packages":[],"aliases":["CVE-2016-3108"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9ad-t22m-9ya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85236?format=json","vulnerability_id":"VCID-j162-yzbc-cycs","summary":"pulp: Race condition when generating RSA keys for authenticating messages between server and consumers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3111","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14762","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14812","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14891","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14692","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14782","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14802","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14765","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14709","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326251","reference_id":"1326251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326251"}],"fixed_packages":[],"aliases":["CVE-2016-3111"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j162-yzbc-cycs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85233?format=json","vulnerability_id":"VCID-pwuz-vu73-b7f2","summary":"pulp: Node certificate containing private key stored in world-readable file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3107","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08658","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08686","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08759","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0876","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08738","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08723","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3107"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325930","reference_id":"1325930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325930"}],"fixed_packages":[],"aliases":["CVE-2016-3107"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwuz-vu73-b7f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85235?format=json","vulnerability_id":"VCID-qj42-dfhb-mqep","summary":"pulp: Agent certificate containing private key is stored in world-readable file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3112","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61855","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61928","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61958","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61995","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61985","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326242","reference_id":"1326242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326242"}],"fixed_packages":[],"aliases":["CVE-2016-3112"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qj42-dfhb-mqep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85795?format=json","vulnerability_id":"VCID-rc65-py17-kuhm","summary":"foreman: lack of SSL certificate validation when performing LDAPS authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1816","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44212","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44235","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44287","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44292","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44309","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44277","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1208602","reference_id":"1208602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1208602"}],"fixed_packages":[],"aliases":["CVE-2015-1816"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc65-py17-kuhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85522?format=json","vulnerability_id":"VCID-sh6q-bacd-4fah","summary":"foreman: XSS in hidden parameter value switcher","references":[{"reference_url":"http://projects.theforeman.org/issues/11859","reference_id":"","reference_type":"","scores":[],"url":"http://projects.theforeman.org/issues/11859"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5282","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62778","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62648","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62706","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62737","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62753","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6277","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62788","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5282"},{"reference_url":"https://github.com/theforeman/foreman/commit/4f3555b217be8723e8045f9816d147b5f684ec57","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/theforeman/foreman/commit/4f3555b217be8723e8045f9816d147b5f684ec57"},{"reference_url":"https://theforeman.org/security.html#2015-5282","reference_id":"","reference_type":"","scores":[],"url":"https://theforeman.org/security.html#2015-5282"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/21/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/09/21/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264221","reference_id":"1264221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264221"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.10.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.10.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.10.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.12.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.12.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.12.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.12.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.13.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.13.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.13.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.13.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.14.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.14.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.14.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.15.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.15.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.16.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.16.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.16.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5282","reference_id":"CVE-2015-5282","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5282"}],"fixed_packages":[],"aliases":["CVE-2015-5282"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sh6q-bacd-4fah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85617?format=json","vulnerability_id":"VCID-sqjb-qpyd-p7gn","summary":"foreman: edit_users permission allows changing of admin passwords","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3235","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68522","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.6854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68558","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68537","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68588","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68605","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68631","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68618","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68589","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3235"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232366","reference_id":"1232366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232366"}],"fixed_packages":[],"aliases":["CVE-2015-3235"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqjb-qpyd-p7gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5397?format=json","vulnerability_id":"VCID-tbug-mv5x-uucb","summary":"The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1592","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1592"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4346"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64597","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64665","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64648","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64626","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64544","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4346"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007746","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007746"},{"reference_url":"https://github.com/joestump/python-oauth2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-85.yaml"},{"reference_url":"https://github.com/simplegeo/python-oauth2/issues/129","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/issues/129"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4346"},{"reference_url":"https://web.archive.org/web/20200228063302/http://www.securityfocus.com/bid/62386","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228063302/http://www.securityfocus.com/bid/62386"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/09/12/7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/09/12/7"},{"reference_url":"http://www.securityfocus.com/bid/62386","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/62386"},{"reference_url":"https://github.com/advisories/GHSA-4433-4cxq-vv73","reference_id":"GHSA-4433-4cxq-vv73","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4433-4cxq-vv73"}],"fixed_packages":[],"aliases":["CVE-2013-4346","GHSA-4433-4cxq-vv73","PYSEC-2014-85"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbug-mv5x-uucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86174?format=json","vulnerability_id":"VCID-utxw-251d-gfff","summary":"rhn_satellite_6: cross-site request forgery (CSRF) can force logout","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3590","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47402","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47436","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47457","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47407","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47458","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47456","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47462","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128108","reference_id":"1128108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128108"}],"fixed_packages":[],"aliases":["CVE-2014-3590"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utxw-251d-gfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85181?format=json","vulnerability_id":"VCID-w6f4-zp2b-7bbp","summary":"foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter","references":[{"reference_url":"http://projects.theforeman.org/issues/14931","reference_id":"","reference_type":"","scores":[],"url":"http://projects.theforeman.org/issues/14931"},{"reference_url":"https://access.redhat.com/errata/RHBA-2016:1501","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2016:1501"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3728","reference_id":"","reference_type":"","scores":[{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83681","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83611","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83623","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.8364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83664","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.8367","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83687","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3728"},{"reference_url":"https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7"},{"reference_url":"http://theforeman.org/security.html#2016-3728","reference_id":"","reference_type":"","scores":[],"url":"http://theforeman.org/security.html#2016-3728"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/05/19/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/05/19/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333378","reference_id":"1333378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333378"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.10.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:1.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3728","reference_id":"CVE-2016-3728","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3728"}],"fixed_packages":[],"aliases":["CVE-2016-3728"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6f4-zp2b-7bbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85599?format=json","vulnerability_id":"VCID-yymw-3u57-4ueu","summary":"Foreman: API permits HTTP requests when require_ssl is enabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5152","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52436","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52483","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52509","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52529","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52523","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52574","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52558","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52543","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5152"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243571","reference_id":"1243571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243571"}],"fixed_packages":[],"aliases":["CVE-2015-5152"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yymw-3u57-4ueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5398?format=json","vulnerability_id":"VCID-zkgb-14kz-33dz","summary":"The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1592","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1592"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4347"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61402","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61421","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61276","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61355","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61383","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.614","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61415","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61436","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4347"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007758","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007758"},{"reference_url":"https://github.com/joestump/python-oauth2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2"},{"reference_url":"https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml"},{"reference_url":"https://github.com/simplegeo/python-oauth2/issues/9","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/issues/9"},{"reference_url":"https://github.com/simplegeo/python-oauth2/pull/146","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/pull/146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4347"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/09/12/7","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/09/12/7"},{"reference_url":"http://www.securityfocus.com/bid/62388","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/62388"},{"reference_url":"https://github.com/advisories/GHSA-rv8h-p43r-4x5r","reference_id":"GHSA-rv8h-p43r-4x5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rv8h-p43r-4x5r"}],"fixed_packages":[],"aliases":["CVE-2013-4347","GHSA-rv8h-p43r-4x5r","PYSEC-2014-86"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkgb-14kz-33dz"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-tilt@1.3.3-18%3Farch=el6sat"}