{"url":"http://public2.vulnerablecode.io/api/packages/116257?format=json","purl":"pkg:rpm/redhat/openssh@6.6.1p1-23?arch=el7_2","type":"rpm","namespace":"redhat","name":"openssh","version":"6.6.1p1-23","qualifiers":{"arch":"el7_2"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61832?format=json","vulnerability_id":"VCID-e3hw-afkw-f7bt","summary":"Multiple vulnerabilities have been found in OpenSSH, allowing\n    attackers to leak client memory to a server, including private keys.","references":[{"reference_url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734","reference_id":"","reference_type":"","scores":[],"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"},{"reference_url":"http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0778.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0778","reference_id":"","reference_type":"","scores":[{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.78077","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.7805","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.7804","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.78093","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77994","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.77987","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.78019","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.78027","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02029","scoring_system":"epss","scoring_elements":"0.83792","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02029","scoring_system":"epss","scoring_elements":"0.83755","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02029","scoring_system":"epss","scoring_elements":"0.83757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02029","scoring_system":"epss","scoring_elements":"0.83781","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02029","scoring_system":"epss","scoring_elements":"0.83787","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02029","scoring_system":"epss","scoring_elements":"0.83803","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02029","scoring_system":"epss","scoring_elements":"0.83797","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02029","scoring_system":"epss","scoring_elements":"0.83826","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02099","scoring_system":"epss","scoring_elements":"0.83985","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02099","scoring_system":"epss","scoring_elements":"0.83999","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0778"},{"reference_url":"https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"},{"reference_url":"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa109","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa109"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778"},{"reference_url":"http://seclists.org/fulldisclosure/2016/Jan/44","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2016/Jan/44"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206167"},{"reference_url":"http://www.debian.org/security/2016/dsa-3446","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3446"},{"reference_url":"http://www.openssh.com/txt/release-7.1p2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openssh.com/txt/release-7.1p2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/01/14/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/01/14/7"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://www.securityfocus.com/archive/1/537295/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/537295/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/80698","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/80698"},{"reference_url":"http://www.securitytracker.com/id/1034671","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034671"},{"reference_url":"http://www.ubuntu.com/usn/USN-2869-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2869-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298033","reference_id":"1298033","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298033"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0778","reference_id":"CVE-2016-0778","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0778"},{"reference_url":"https://security.gentoo.org/glsa/201601-01","reference_id":"GLSA-201601-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201601-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0043","reference_id":"RHSA-2016:0043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0043"},{"reference_url":"https://usn.ubuntu.com/2869-1/","reference_id":"USN-2869-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2869-1/"}],"fixed_packages":[],"aliases":["CVE-2016-0778"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3hw-afkw-f7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61831?format=json","vulnerability_id":"VCID-wkpy-uwex-93db","summary":"Multiple vulnerabilities have been found in OpenSSH, allowing\n    attackers to leak client memory to a server, including private keys.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0777","reference_id":"","reference_type":"","scores":[{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98578","published_at":"2026-05-09T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98549","published_at":"2026-04-02T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.9857","published_at":"2026-04-29T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98576","published_at":"2026-05-05T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98548","published_at":"2026-04-01T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98558","published_at":"2026-04-09T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.9856","published_at":"2026-04-12T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98561","published_at":"2026-04-13T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98566","published_at":"2026-04-21T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98567","published_at":"2026-04-18T12:55:00Z"},{"value":"0.67203","scoring_system":"epss","scoring_elements":"0.98569","published_at":"2026-04-24T12:55:00Z"},{"value":"0.7041","scoring_system":"epss","scoring_elements":"0.98679","published_at":"2026-04-04T12:55:00Z"},{"value":"0.7041","scoring_system":"epss","scoring_elements":"0.98682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.7041","scoring_system":"epss","scoring_elements":"0.98684","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298032","reference_id":"1298032","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298032"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984","reference_id":"810984","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984"},{"reference_url":"https://security.gentoo.org/glsa/201601-01","reference_id":"GLSA-201601-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201601-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0043","reference_id":"RHSA-2016:0043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0043"},{"reference_url":"https://usn.ubuntu.com/2869-1/","reference_id":"USN-2869-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2869-1/"}],"fixed_packages":[],"aliases":["CVE-2016-0777"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkpy-uwex-93db"}],"fixing_vulnerabilities":[],"risk_score":"3.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssh@6.6.1p1-23%3Farch=el7_2"}