{"url":"http://public2.vulnerablecode.io/api/packages/129063?format=json","purl":"pkg:deb/debian/smb4k@3.1.7-1?distro=trixie","type":"deb","namespace":"debian","name":"smb4k","version":"3.1.7-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.0.0-1+deb13u1","latest_non_vulnerable_version":"4.0.6-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101025?format=json","vulnerability_id":"VCID-c3fh-96qv-wfaz","summary":"An  Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66002","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06861","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07292","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07296","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06892","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06855","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122381","reference_id":"1122381","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122381"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66002","reference_id":"show_bug.cgi?id=CVE-2025-66002","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:55:46Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66002"},{"reference_url":"https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html","reference_id":"smb4k-major-issues-in-kauth-helper.html","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:55:46Z/"}],"url":"https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129075?format=json","purl":"pkg:deb/debian/smb4k@4.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66002"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3fh-96qv-wfaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101026?format=json","vulnerability_id":"VCID-e2ru-9ex8-5kbs","summary":"An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66003","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03017","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03438","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03071","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03052","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122381","reference_id":"1122381","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122381"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66003","reference_id":"show_bug.cgi?id=CVE-2025-66003","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-08T15:42:56Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66003"},{"reference_url":"https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html","reference_id":"smb4k-major-issues-in-kauth-helper.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-08T15:42:56Z/"}],"url":"https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129075?format=json","purl":"pkg:deb/debian/smb4k@4.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66003"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2ru-9ex8-5kbs"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101019?format=json","vulnerability_id":"VCID-1mp8-4at6-bfew","summary":"smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2851","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23259","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23342","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23328","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23283","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23228","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23232","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2851"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337471","reference_id":"337471","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=337471"},{"reference_url":"https://security.gentoo.org/glsa/200511-15","reference_id":"GLSA-200511-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200511-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129064?format=json","purl":"pkg:deb/debian/smb4k@0.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@0.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129065?format=json","purl":"pkg:deb/debian/smb4k@3.0.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129063?format=json","purl":"pkg:deb/debian/smb4k@3.1.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2005-2851"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mp8-4at6-bfew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101024?format=json","vulnerability_id":"VCID-62yg-9etz-77h9","summary":"Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the \"Additional options\" line edit.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2581","reference_id":"","reference_type":"","scores":[{"value":"0.01984","scoring_system":"epss","scoring_elements":"0.83909","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01984","scoring_system":"epss","scoring_elements":"0.83932","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01984","scoring_system":"epss","scoring_elements":"0.83935","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01984","scoring_system":"epss","scoring_elements":"0.8393","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01984","scoring_system":"epss","scoring_elements":"0.8392","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01984","scoring_system":"epss","scoring_elements":"0.83934","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2581"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742816","reference_id":"742816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129072?format=json","purl":"pkg:deb/debian/smb4k@1.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@1.1.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129065?format=json","purl":"pkg:deb/debian/smb4k@3.0.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129063?format=json","purl":"pkg:deb/debian/smb4k@3.1.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2014-2581"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62yg-9etz-77h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101023?format=json","vulnerability_id":"VCID-7axc-5xu9-jqa3","summary":"Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0475","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32885","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32989","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33003","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32964","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32932","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32953","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0475"},{"reference_url":"https://security.gentoo.org/glsa/200703-09","reference_id":"GLSA-200703-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129070?format=json","purl":"pkg:deb/debian/smb4k@0.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@0.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129065?format=json","purl":"pkg:deb/debian/smb4k@3.0.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129063?format=json","purl":"pkg:deb/debian/smb4k@3.1.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0475"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7axc-5xu9-jqa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101021?format=json","vulnerability_id":"VCID-944z-c3nq-5qep","summary":"The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0473","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18936","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19011","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18969","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18897","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18917","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0473"},{"reference_url":"https://security.gentoo.org/glsa/200703-09","reference_id":"GLSA-200703-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129068?format=json","purl":"pkg:deb/debian/smb4k@0.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@0.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129065?format=json","purl":"pkg:deb/debian/smb4k@3.0.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129063?format=json","purl":"pkg:deb/debian/smb4k@3.1.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0473"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-944z-c3nq-5qep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101020?format=json","vulnerability_id":"VCID-ff46-868c-b7cj","summary":"Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0472","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23268","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23351","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23337","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23292","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23238","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23242","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0472"},{"reference_url":"https://security.gentoo.org/glsa/200703-09","reference_id":"GLSA-200703-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129068?format=json","purl":"pkg:deb/debian/smb4k@0.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@0.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129065?format=json","purl":"pkg:deb/debian/smb4k@3.0.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129063?format=json","purl":"pkg:deb/debian/smb4k@3.1.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0472"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ff46-868c-b7cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101022?format=json","vulnerability_id":"VCID-ghna-vxgd-syhj","summary":"Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a \"design issue with smb4k_kill.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0474","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22022","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22105","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22091","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22044","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21987","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21996","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0474"},{"reference_url":"https://security.gentoo.org/glsa/200703-09","reference_id":"GLSA-200703-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129070?format=json","purl":"pkg:deb/debian/smb4k@0.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@0.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129065?format=json","purl":"pkg:deb/debian/smb4k@3.0.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129063?format=json","purl":"pkg:deb/debian/smb4k@3.1.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2007-0474"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghna-vxgd-syhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6570?format=json","vulnerability_id":"VCID-rru8-8xsb-cfcj","summary":"privilege escalation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8849","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31874","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31834","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31905","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31826","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31835","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31802","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8849","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8849"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862505","reference_id":"862505","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862505"},{"reference_url":"https://security.archlinux.org/ASA-201705-11","reference_id":"ASA-201705-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-11"},{"reference_url":"https://security.archlinux.org/AVG-268","reference_id":"AVG-268","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-268"},{"reference_url":"https://security.gentoo.org/glsa/201705-14","reference_id":"GLSA-201705-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129073?format=json","purl":"pkg:deb/debian/smb4k@1.2.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@1.2.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129065?format=json","purl":"pkg:deb/debian/smb4k@3.0.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.0.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129063?format=json","purl":"pkg:deb/debian/smb4k@3.1.7-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c3fh-96qv-wfaz"},{"vulnerability":"VCID-e2ru-9ex8-5kbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.1.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129067?format=json","purl":"pkg:deb/debian/smb4k@4.0.0-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.0-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129066?format=json","purl":"pkg:deb/debian/smb4k@4.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@4.0.6-1%3Fdistro=trixie"}],"aliases":["CVE-2017-8849"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rru8-8xsb-cfcj"}],"risk_score":"2.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/smb4k@3.1.7-1%3Fdistro=trixie"}