{"url":"http://public2.vulnerablecode.io/api/packages/143500?format=json","purl":"pkg:rpm/redhat/appstream-data@7-20180614?arch=el7","type":"rpm","namespace":"redhat","name":"appstream-data","version":"7-20180614","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69440?format=json","vulnerability_id":"VCID-3sfc-a2u5-nkgt","summary":"FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9382.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9382","reference_id":"","reference_type":"","scores":[{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74367","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74399","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763609","reference_id":"1763609","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4254","reference_id":"RHSA-2019:4254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4254"},{"reference_url":"https://usn.ubuntu.com/4126-2/","reference_id":"USN-4126-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4126-2/"}],"fixed_packages":[],"aliases":["CVE-2015-9382"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sfc-a2u5-nkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98445?format=json","vulnerability_id":"VCID-4hjh-cqg4-wqdk","summary":"The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18267","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51066","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51128","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578777","reference_id":"1578777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357","reference_id":"898357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3647-1/","reference_id":"USN-3647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3647-1/"}],"fixed_packages":[],"aliases":["CVE-2017-18267"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hjh-cqg4-wqdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98455?format=json","vulnerability_id":"VCID-7ukn-38hy-dffs","summary":"There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10768","reference_id":"","reference_type":"","scores":[{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83365","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83389","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10768"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576169","reference_id":"1576169","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3647-1/","reference_id":"USN-3647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3647-1/"}],"fixed_packages":[],"aliases":["CVE-2018-10768"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ukn-38hy-dffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76257?format=json","vulnerability_id":"VCID-9b9k-93ve-pbdu","summary":"There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10767.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10767","reference_id":"","reference_type":"","scores":[{"value":"0.00854","scoring_system":"epss","scoring_elements":"0.75306","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00854","scoring_system":"epss","scoring_elements":"0.75335","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10767"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576175","reference_id":"1576175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576175"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898133","reference_id":"898133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-10767"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9b9k-93ve-pbdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69863?format=json","vulnerability_id":"VCID-bspu-grjr-f7h4","summary":"An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2862.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2862","reference_id":"","reference_type":"","scores":[{"value":"0.04562","scoring_system":"epss","scoring_elements":"0.89386","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04562","scoring_system":"epss","scoring_elements":"0.89404","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488817","reference_id":"1488817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552","reference_id":"874552","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3418-1/","reference_id":"USN-3418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3418-1/"}],"fixed_packages":[],"aliases":["CVE-2017-2862"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bspu-grjr-f7h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104431?format=json","vulnerability_id":"VCID-erk4-udeu-r3eq","summary":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4121.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4121","reference_id":"","reference_type":"","scores":[{"value":"0.3861","scoring_system":"epss","scoring_elements":"0.97329","published_at":"2026-06-04T12:55:00Z"},{"value":"0.3861","scoring_system":"epss","scoring_elements":"0.97333","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4121"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577387","reference_id":"1577387","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577387"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1522","reference_id":"CVE-2018-4121","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1522"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44427.txt","reference_id":"CVE-2018-4121","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44427.txt"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-4121"],"risk_score":9.0,"exploitability":"2.0","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-erk4-udeu-r3eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98456?format=json","vulnerability_id":"VCID-fmqa-fers-5ydf","summary":"Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13988","reference_id":"","reference_type":"","scores":[{"value":"0.00696","scoring_system":"epss","scoring_elements":"0.72309","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00696","scoring_system":"epss","scoring_elements":"0.72351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602838","reference_id":"1602838","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602838"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922","reference_id":"904922","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3757-1/","reference_id":"USN-3757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3757-1/"}],"fixed_packages":[],"aliases":["CVE-2018-13988"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmqa-fers-5ydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104413?format=json","vulnerability_id":"VCID-h8nb-gtwb-3yhk","summary":"WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11712.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11712","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.4415","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44219","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11712"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588742","reference_id":"1588742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588742"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-11712"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8nb-gtwb-3yhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58460?format=json","vulnerability_id":"VCID-k4kq-fbtc-1qbt","summary":"Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14036","reference_id":"","reference_type":"","scores":[{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79577","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79603","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601019","reference_id":"1601019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601019"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828","reference_id":"903828","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/4616-1/","reference_id":"USN-4616-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4616-1/"},{"reference_url":"https://usn.ubuntu.com/4616-2/","reference_id":"USN-4616-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4616-2/"}],"fixed_packages":[],"aliases":["CVE-2018-14036"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4kq-fbtc-1qbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104448?format=json","vulnerability_id":"VCID-p55u-zx5u-7kax","summary":"An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4200.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4200","reference_id":"","reference_type":"","scores":[{"value":"0.40022","scoring_system":"epss","scoring_elements":"0.97408","published_at":"2026-06-04T12:55:00Z"},{"value":"0.40022","scoring_system":"epss","scoring_elements":"0.97414","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4200"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577385","reference_id":"1577385","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577385"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1525","reference_id":"CVE-2018-4200","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1525"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44566.html","reference_id":"CVE-2018-4200","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44566.html"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3640-1/","reference_id":"USN-3640-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3640-1/"}],"fixed_packages":[],"aliases":["CVE-2018-4200"],"risk_score":9.0,"exploitability":"2.0","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p55u-zx5u-7kax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69437?format=json","vulnerability_id":"VCID-p7jb-tuz7-t3h7","summary":"FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9381.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9381","reference_id":"","reference_type":"","scores":[{"value":"0.00711","scoring_system":"epss","scoring_elements":"0.72627","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00711","scoring_system":"epss","scoring_elements":"0.72666","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9381"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752788","reference_id":"1752788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752788"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4254","reference_id":"RHSA-2019:4254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4254"},{"reference_url":"https://usn.ubuntu.com/4126-2/","reference_id":"USN-4126-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4126-2/"}],"fixed_packages":[],"aliases":["CVE-2015-9381"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7jb-tuz7-t3h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104414?format=json","vulnerability_id":"VCID-qb6u-ddgw-zyhf","summary":"WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11713.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11713","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11713"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588739","reference_id":"1588739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588739"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-11713"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qb6u-ddgw-zyhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76256?format=json","vulnerability_id":"VCID-tqk7-nf3c-cfhy","summary":"There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10733.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10733","reference_id":"","reference_type":"","scores":[{"value":"0.00799","scoring_system":"epss","scoring_elements":"0.7438","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00799","scoring_system":"epss","scoring_elements":"0.74412","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10733"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576111","reference_id":"1576111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897954","reference_id":"897954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-10733"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tqk7-nf3c-cfhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104450?format=json","vulnerability_id":"VCID-yzd8-pjer-mkgf","summary":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4204.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4204","reference_id":"","reference_type":"","scores":[{"value":"0.03746","scoring_system":"epss","scoring_elements":"0.88222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03746","scoring_system":"epss","scoring_elements":"0.88241","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4204"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577374","reference_id":"1577374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577374"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-4204"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzd8-pjer-mkgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77375?format=json","vulnerability_id":"VCID-zsuu-ju1a-4qfz","summary":"The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12910.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12910.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12910","reference_id":"","reference_type":"","scores":[{"value":"0.04538","scoring_system":"epss","scoring_elements":"0.89361","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04538","scoring_system":"epss","scoring_elements":"0.8938","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12910"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1597980","reference_id":"1597980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1597980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3701-1/","reference_id":"USN-3701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3701-1/"}],"fixed_packages":[],"aliases":["CVE-2018-12910"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsuu-ju1a-4qfz"}],"fixing_vulnerabilities":[],"risk_score":"9.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/appstream-data@7-20180614%3Farch=el7"}