{"url":"http://public2.vulnerablecode.io/api/packages/146172?format=json","purl":"pkg:rpm/redhat/tfm-rubygem-hammer_cli@0.11.0.1-1?arch=el7sat","type":"rpm","namespace":"redhat","name":"tfm-rubygem-hammer_cli","version":"0.11.0.1-1","qualifiers":{"arch":"el7sat"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38117?format=json","vulnerability_id":"VCID-1qgk-p79g-y7gx","summary":"Information disclosure vulnerability\nsafemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.","references":[{"reference_url":"http://projects.theforeman.org/issues/14635","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.theforeman.org/issues/14635"},{"reference_url":"http://rubysec.com/advisories/CVE-2016-3693","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rubysec.com/advisories/CVE-2016-3693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3693","reference_id":"","reference_type":"","scores":[{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.73036","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72999","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3693"},{"reference_url":"http://seclists.org/oss-sec/2016/q2/119","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2016/q2/119"},{"reference_url":"https://github.com/svenfuchs/safemode","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/svenfuchs/safemode"},{"reference_url":"https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/svenfuchs/safemode/commit/0f764a1720a3a68fd2842e21377c8bfad6d7126f"},{"reference_url":"https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/theforeman/foreman/commit/82f9b93c54f72c5814df6bab7fad057eab65b2f2"},{"reference_url":"http://theforeman.org/security.html#2016-3693","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://theforeman.org/security.html#2016-3693"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/20/8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/04/20/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1327471","reference_id":"1327471","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1327471"},{"reference_url":"http://rubysec.com/advisories/CVE-2016-3693/","reference_id":"CVE-2016-3693","reference_type":"","scores":[],"url":"http://rubysec.com/advisories/CVE-2016-3693/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3693","reference_id":"CVE-2016-3693","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3693"},{"reference_url":"https://github.com/advisories/GHSA-c92m-rrrc-q5wf","reference_id":"GHSA-c92m-rrrc-q5wf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c92m-rrrc-q5wf"}],"fixed_packages":[],"aliases":["CVE-2016-3693","GHSA-c92m-rrrc-q5wf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qgk-p79g-y7gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112834?format=json","vulnerability_id":"VCID-4gqc-k7e5-hqg1","summary":"foreman: Stored XSS via organization/location with HTML in name","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8639.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8639","reference_id":"","reference_type":"","scores":[{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69331","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69371","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8639"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1393291","reference_id":"1393291","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1393291"}],"fixed_packages":[],"aliases":["CVE-2016-8639"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gqc-k7e5-hqg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112386?format=json","vulnerability_id":"VCID-4qfx-t8sf-h7g8","summary":"foreman: Information leak through organizations and locations feature","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7078.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7078","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54948","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.55006","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7078"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386244","reference_id":"1386244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386244"}],"fixed_packages":[],"aliases":["CVE-2016-7078"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfx-t8sf-h7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112179?format=json","vulnerability_id":"VCID-7rea-ykng-bkb9","summary":"foreman-debug: missing obfuscation of sensitive information","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9593.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9593","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44407","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44475","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9593"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406384","reference_id":"1406384","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406384"}],"fixed_packages":[],"aliases":["CVE-2016-9593"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rea-ykng-bkb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112288?format=json","vulnerability_id":"VCID-8wsh-3yq1-7bcp","summary":"foreman: Stored XSS in org/loc wizard","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8634.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8634","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55945","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8634"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391520","reference_id":"1391520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391520"}],"fixed_packages":[],"aliases":["CVE-2016-8634"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wsh-3yq1-7bcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111970?format=json","vulnerability_id":"VCID-99nt-74qr-t3ds","summary":"foreman: Image password leak","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2672","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38639","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38729","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2672"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439537","reference_id":"1439537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439537"}],"fixed_packages":[],"aliases":["CVE-2017-2672"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99nt-74qr-t3ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112597?format=json","vulnerability_id":"VCID-baj4-m886-yufd","summary":"foreman: Persistent XSS in Foreman remote execution plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6319","reference_id":"","reference_type":"","scores":[{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.73123","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00734","scoring_system":"epss","scoring_elements":"0.73161","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365815","reference_id":"1365815","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1365815"}],"fixed_packages":[],"aliases":["CVE-2016-6319"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-baj4-m886-yufd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40518?format=json","vulnerability_id":"VCID-e8ue-zdcp-v3a4","summary":"SQL Injection\nAn SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2018-14623","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2018-14623"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14623","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33364","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33466","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14623"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623"},{"reference_url":"https://github.com/Katello/katello","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Katello/katello"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml"},{"reference_url":"https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224"},{"reference_url":"http://www.securityfocus.com/bid/106224","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106224"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1623719","reference_id":"1623719","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1623719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14623","reference_id":"CVE-2018-14623","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14623"},{"reference_url":"https://github.com/advisories/GHSA-527r-mfmj-prqf","reference_id":"GHSA-527r-mfmj-prqf","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-527r-mfmj-prqf"},{"reference_url":"https://github.com/advisories/GHSA-jx5v-788g-qw58","reference_id":"GHSA-jx5v-788g-qw58","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jx5v-788g-qw58"}],"fixed_packages":[],"aliases":["CVE-2018-14623","GHSA-jx5v-788g-qw58"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ue-zdcp-v3a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112922?format=json","vulnerability_id":"VCID-jqeh-9azg-vffw","summary":"pulp: Leakage of CA key in pulp-qpid-ssl-cfg","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3696","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16949","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.17028","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3696"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1328930","reference_id":"1328930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1328930"}],"fixed_packages":[],"aliases":["CVE-2016-3696"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqeh-9azg-vffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112886?format=json","vulnerability_id":"VCID-mj5s-ce9z-97d3","summary":"pulp: Unsafe use of bash $RANDOM for NSS DB password and seed","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3704","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68073","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68112","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3704"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330264","reference_id":"1330264","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330264"}],"fixed_packages":[],"aliases":["CVE-2016-3704"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj5s-ce9z-97d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39466?format=json","vulnerability_id":"VCID-mkgv-azrx-6yer","summary":"Improper Certificate Validation\nHammer CLI, a CLI utility for Foreman, does not explicitly set the `verify_ssl` flag for `apipie-bindings`. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.","references":[{"reference_url":"http://projects.theforeman.org/issues/19033","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.theforeman.org/issues/19033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2667","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29131","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2906","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436262"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml"},{"reference_url":"https://github.com/theforeman/hammer-cli-foreman","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/theforeman/hammer-cli-foreman"},{"reference_url":"https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153"},{"reference_url":"http://www.securityfocus.com/bid/97153","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/97153"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2667","reference_id":"CVE-2017-2667","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2667"},{"reference_url":"https://github.com/advisories/GHSA-77h8-xr85-3x5q","reference_id":"GHSA-77h8-xr85-3x5q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77h8-xr85-3x5q"}],"fixed_packages":[],"aliases":["CVE-2017-2667","GHSA-77h8-xr85-3x5q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkgv-azrx-6yer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112175?format=json","vulnerability_id":"VCID-ngns-8m65-8fgm","summary":"katello-debug: Possible symlink attacks due to use of predictable file names","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9595","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13115","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13193","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9595"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406729","reference_id":"1406729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406729"}],"fixed_packages":[],"aliases":["CVE-2016-9595"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngns-8m65-8fgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112390?format=json","vulnerability_id":"VCID-nyhv-pmy1-aqgn","summary":"foreman: Foreman information leak through unauthorized multiple_checkboxes helper","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7077","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48593","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48656","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385777","reference_id":"1385777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385777"}],"fixed_packages":[],"aliases":["CVE-2016-7077"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyhv-pmy1-aqgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37613?format=json","vulnerability_id":"VCID-qjub-b93r-zfad","summary":"XSS vulnerabiliy in generated pagination links\nThe package will_paginate generate pagination links without escaping result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0336","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0336"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6459","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49293","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49355","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459"},{"reference_url":"https://github.com/mislav/will_paginate","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mislav/will_paginate"},{"reference_url":"https://github.com/mislav/will_paginate/releases/tag/v3.0.5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mislav/will_paginate/releases/tag/v3.0.5"},{"reference_url":"https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6459","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6459"},{"reference_url":"https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046642","reference_id":"1046642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209","reference_id":"733209","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209"},{"reference_url":"https://github.com/advisories/GHSA-8r6h-7x9g-xmw9","reference_id":"GHSA-8r6h-7x9g-xmw9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8r6h-7x9g-xmw9"}],"fixed_packages":[],"aliases":["CVE-2013-6459","GHSA-8r6h-7x9g-xmw9","OSV-101138"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjub-b93r-zfad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112740?format=json","vulnerability_id":"VCID-qykc-fd8z-b7aa","summary":"foreman: inside discovery-debug, the root password is displayed in plaintext","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4996","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12303","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12386","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4996"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349136","reference_id":"1349136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349136"}],"fixed_packages":[],"aliases":["CVE-2016-4996"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qykc-fd8z-b7aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111025?format=json","vulnerability_id":"VCID-rzgz-2u1r-vfd6","summary":"Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15699","reference_id":"","reference_type":"","scores":[{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.8204","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01602","scoring_system":"epss","scoring_elements":"0.82074","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15699"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1512724","reference_id":"1512724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1512724"}],"fixed_packages":[],"aliases":["CVE-2017-15699"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzgz-2u1r-vfd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112739?format=json","vulnerability_id":"VCID-sjqy-qthq-jfdc","summary":"foreman: Information disclosure in provisioning template previews","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4995.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4995","reference_id":"","reference_type":"","scores":[{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53502","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53562","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4995"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348939","reference_id":"1348939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348939"}],"fixed_packages":[],"aliases":["CVE-2016-4995"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjqy-qthq-jfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95259?format=json","vulnerability_id":"VCID-t96j-881u-rfdr","summary":"The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1669.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1669","reference_id":"","reference_type":"","scores":[{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82203","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82231","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335449","reference_id":"1335449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335449"},{"reference_url":"https://security.gentoo.org/glsa/201605-02","reference_id":"GLSA-201605-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1080","reference_id":"RHSA-2016:1080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0002","reference_id":"RHSA-2017:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0879","reference_id":"RHSA-2017:0879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0880","reference_id":"RHSA-2017:0880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0881","reference_id":"RHSA-2017:0881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0882","reference_id":"RHSA-2017:0882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0882"},{"reference_url":"https://usn.ubuntu.com/2960-1/","reference_id":"USN-2960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2960-1/"}],"fixed_packages":[],"aliases":["CVE-2016-1669"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t96j-881u-rfdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98792?format=json","vulnerability_id":"VCID-wqeh-3r7d-7ffz","summary":"Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2295","reference_id":"","reference_type":"","scores":[{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.81116","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01449","scoring_system":"epss","scoring_elements":"0.81143","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:C"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452651","reference_id":"1452651","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212","reference_id":"863212","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212"},{"reference_url":"https://usn.ubuntu.com/3308-1/","reference_id":"USN-3308-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3308-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4804-1/","reference_id":"USN-USN-4804-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4804-1/"}],"fixed_packages":[],"aliases":["CVE-2017-2295"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqeh-3r7d-7ffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112343?format=json","vulnerability_id":"VCID-wxck-e2pc-aqdv","summary":"foreman: Stored XSS vulnerability in remote execution plugin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8613","reference_id":"","reference_type":"","scores":[{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.73213","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.7325","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8613"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387232","reference_id":"1387232","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387232"}],"fixed_packages":[],"aliases":["CVE-2016-8613"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxck-e2pc-aqdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112804?format=json","vulnerability_id":"VCID-xa2e-pjyk-6kb6","summary":"foreman: privilege escalation through Organization and Locations API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4451.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4451","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34113","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34212","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1339889","reference_id":"1339889","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1339889"}],"fixed_packages":[],"aliases":["CVE-2016-4451"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xa2e-pjyk-6kb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111608?format=json","vulnerability_id":"VCID-yphv-jrpk-2yg7","summary":"foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8183","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35702","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35797","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8183"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480886","reference_id":"1480886","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480886"}],"fixed_packages":[],"aliases":["CVE-2014-8183"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yphv-jrpk-2yg7"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tfm-rubygem-hammer_cli@0.11.0.1-1%3Farch=el7sat"}