{"url":"http://public2.vulnerablecode.io/api/packages/146804?format=json","purl":"pkg:rpm/redhat/httpd24-curl@7.61.1-1?arch=el6","type":"rpm","namespace":"redhat","name":"httpd24-curl","version":"7.61.1-1","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65666?format=json","vulnerability_id":"VCID-1b5g-9trz-7ufb","summary":"curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9586.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9586.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9586","reference_id":"","reference_type":"","scores":[{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.7743","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9586"},{"reference_url":"https://curl.se/docs/CVE-2016-9586.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-9586.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406712","reference_id":"1406712","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406712"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848958","reference_id":"848958","reference_type":"","scores":[],"url":"https
://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848958"},{"reference_url":"https://security.archlinux.org/ASA-201612-22","reference_id":"ASA-201612-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-22"},{"reference_url":"https://security.archlinux.org/ASA-201701-10","reference_id":"ASA-201701-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-10"},{"reference_url":"https://security.archlinux.org/ASA-201701-11","reference_id":"ASA-201701-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-11"},{"reference_url":"https://security.archlinux.org/ASA-201701-7","reference_id":"ASA-201701-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-7"},{"reference_url":"https://security.archlinux.org/ASA-201701-8","reference_id":"ASA-201701-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-8"},{"reference_url":"https://security.archlinux.org/ASA-201701-9","reference_id":"ASA-201701-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-9"},{"reference_url":"https://security.archlinux.org/AVG-112","reference_id":"AVG-112","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-112"},{"reference_url":"https://security.archlinux.org/AVG-113","reference_id":"AVG-113","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-113"},{"reference_url":"https://security.archlinux.org/AVG-114","reference_id":"AVG-114","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-114"},{"reference_url":"https://security.archlinux.org/AVG-115","reference_id":"AVG-115","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elem
ents":""}],"url":"https://security.archlinux.org/AVG-115"},{"reference_url":"https://security.archlinux.org/AVG-116","reference_id":"AVG-116","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-116"},{"reference_url":"https://security.archlinux.org/AVG-117","reference_id":"AVG-117","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-117"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-9586"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b5g-9trz-7ufb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65684?format=json","vulnerability_id":"VCID-1kpz-55f1-f7dj","summary":"curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. 
(This bug is almost identical to CVE-2017-8816.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14618.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14618","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66048","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14618"},{"reference_url":"https://curl.se/docs/CVE-2018-14618.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-14618.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622707","reference_id":"1622707","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622707"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908327","reference_id":"908327","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908327"},{"reference_url":"https://security.gentoo.org/glsa/201903-03","reference_id":"GLSA-201903-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1880","reference_id":"RHSA-2019:1880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1880"}],"fixed_packages":[],"aliases":["CVE-2018-14618"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kpz-55f1-f7dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6749?format=json","vulnerability_id":"VCID-1y6d-7vfu-ybb3","summ
ary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8620.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8620.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8620","reference_id":"","reference_type":"","scores":[{"value":"0.00881","scoring_system":"epss","scoring_elements":"0.75721","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8620"},{"reference_url":"https://curl.se/docs/CVE-2016-8620.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8620.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_typ
e":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388382","reference_id":"1388382","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388382"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-8620"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1y6d-7vfu-ybb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6748?format=json","vulnerability_id":"VCID-51ac-1jc2-vfed","summary":"multipl
e issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8622.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8622","reference_id":"","reference_type":"","scores":[{"value":"0.0185","scoring_system":"epss","scoring_elements":"0.83349","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8622"},{"reference_url":"https://curl.se/docs/CVE-2016-8622.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8622.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores"
:[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388386","reference_id":"1388386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388386"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":"
"}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-8622"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51ac-1jc2-vfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51067?format=json","vulnerability_id":"VCID-5qj8-vuec-h3fg","summary":"When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. 
The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283","reference_id":"","reference_type":"","scores":[{"value":"0.03761","scoring_system":"epss","scoring_elements":"0.88242","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https:/
/cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395","reference_id":"1560395","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1283.json","reference_id":"CVE-2018-1283","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1283.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"}],"fixed_packages":[],"aliases":["CVE-2018-1283"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qj8-vuec-h3fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65671?format=json","vulnerability_id":"VCID-5svr-3vv9-mqea","summary":"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit 
within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000100.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000100.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000100","reference_id":"","reference_type":"","scores":[{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70342","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000100"},{"reference_url":"https://curl.se/docs/CVE-2017-1000100.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-1000100.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101"},{"reference_url":"https://cve.mitre.org/cgi-bi
n/cvename.cgi?name=CVE-2017-1000254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1478310","reference_id":"1478310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1478310"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871555","reference_id":"871555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871555"},{"reference_url":"https://security.archlinux.org/ASA-201708-16","reference_id":"ASA-201708-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-16"},{"reference_url":"https://security.archlinux.org/ASA-201710-3","reference_id":"ASA-201710-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-3"},{"reference_url":"https://security.archlinux.org/ASA-201710-4","reference_id":"ASA-201710-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-4"},{"reference_url":"https://security.archlinux.org/ASA-201710-5","reference_id":"ASA-201710-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-5"},{"reference_url":"https://security.archlinux.org/ASA-201710-6","reference_id":"ASA-201710-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-6"},{"reference_url":"https://security.archlinux.org/ASA-201710-7","reference_id":"ASA-201710-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-7"},{"reference_url":"https://security.archlinux.org/AVG-370","reference_id":"AVG-370","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-370"},{"reference_url":"https://security.archlinux.org/AVG-371","reference_id":"AVG-371","reference_type":"","scores":[{"value":"Medium","scoring_system":"a
rchlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-371"},{"reference_url":"https://security.archlinux.org/AVG-386","reference_id":"AVG-386","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-386"},{"reference_url":"https://security.archlinux.org/AVG-387","reference_id":"AVG-387","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-387"},{"reference_url":"https://security.archlinux.org/AVG-388","reference_id":"AVG-388","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-388"},{"reference_url":"https://security.archlinux.org/AVG-389","reference_id":"AVG-389","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-389"},{"reference_url":"https://security.gentoo.org/glsa/201709-14","reference_id":"GLSA-201709-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-14"}],"fixed_packages":[],"aliases":["CVE-2017-1000100"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5svr-3vv9-mqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65683?format=json","vulnerability_id":"VCID-5ujs-47hf-g7gj","summary":"A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information 
leakage","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000122.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000122","reference_id":"","reference_type":"","scores":[{"value":"0.01639","scoring_system":"epss","scoring_elements":"0.82277","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000122"},{"reference_url":"https://curl.se/docs/CVE-2018-1000122.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000122.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553398","reference_id":"1553398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553398"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546","reference_id":"893546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546"},{"reference_url":"https://security.archlinux.org/ASA-201803-15","reference_id":"ASA-201803-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-15"},{"reference_url":"https://security.archlinux.org/ASA-201803-16","reference_id":"ASA-201803-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-16"},{"reference_url":"https://security.archlinux.org/ASA-201803-17","reference_id":"ASA-201803-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-17"},{"reference_url":"https://security.archlinux.org/ASA-201803-18","reference_id":"ASA-201803-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-18
"},{"reference_url":"https://security.archlinux.org/ASA-201803-19","reference_id":"ASA-201803-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-19"},{"reference_url":"https://security.archlinux.org/ASA-201803-20","reference_id":"ASA-201803-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-20"},{"reference_url":"https://security.archlinux.org/AVG-653","reference_id":"AVG-653","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-653"},{"reference_url":"https://security.archlinux.org/AVG-654","reference_id":"AVG-654","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-654"},{"reference_url":"https://security.archlinux.org/AVG-655","reference_id":"AVG-655","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-655"},{"reference_url":"https://security.archlinux.org/AVG-656","reference_id":"AVG-656","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-656"},{"reference_url":"https://security.archlinux.org/AVG-660","reference_id":"AVG-660","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-660"},{"reference_url":"https://security.archlinux.org/AVG-661","reference_id":"AVG-661","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-661"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[],"aliases":["CVE-2018-1000122"],"risk_score":
3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ujs-47hf-g7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6747?format=json","vulnerability_id":"VCID-5xjw-u8ad-n3g5","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8615.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8615","reference_id":"","reference_type":"","scores":[{"value":"0.04293","scoring_system":"epss","scoring_elements":"0.89048","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8615"},{"reference_url":"https://curl.se/docs/CVE-2016-8615.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8615.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/c
vename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388370","reference_id":"1388370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388370"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[
],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-8615"],
"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xjw-u8ad-n3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4268?format=json","vulnerability_id":"VCID-6745-tyba-33fa","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000301.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000301","reference_id":"","reference_type":"","scores":[{"value":"0.02845","scoring_system":"epss","scoring_elements":"0.86486","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000301"},{"reference_url":"https://curl.se/docs/CVE-2018-1000301.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000301.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1575536","reference_id":"1575536","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1575536"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898856","reference_id":"898856","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898856"},{"reference_url":"https://security.archlinux.org/ASA-201805-13","reference_id":"ASA-201805-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-13"},{"reference_url":"https://security.archlin
ux.org/ASA-201805-14","reference_id":"ASA-201805-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-14"},{"reference_url":"https://security.archlinux.org/ASA-201805-15","reference_id":"ASA-201805-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-15"},{"reference_url":"https://security.archlinux.org/ASA-201805-16","reference_id":"ASA-201805-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-16"},{"reference_url":"https://security.archlinux.org/ASA-201805-17","reference_id":"ASA-201805-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-17"},{"reference_url":"https://security.archlinux.org/ASA-201805-18","reference_id":"ASA-201805-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-18"},{"reference_url":"https://security.archlinux.org/AVG-694","reference_id":"AVG-694","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-694"},{"reference_url":"https://security.archlinux.org/AVG-695","reference_id":"AVG-695","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-695"},{"reference_url":"https://security.archlinux.org/AVG-696","reference_id":"AVG-696","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-696"},{"reference_url":"https://security.archlinux.org/AVG-697","reference_id":"AVG-697","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-697"},{"reference_url":"https://security.archlinux.org/AVG-698","reference_id":"AVG-698","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://
security.archlinux.org/AVG-698"},{"reference_url":"https://security.archlinux.org/AVG-699","reference_id":"AVG-699","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-699"},{"reference_url":"https://security.gentoo.org/glsa/201806-05","reference_id":"GLSA-201806-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201806-05"}],"fixed_packages":[],"aliases":["CVE-2018-1000301"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6745-tyba-33fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65662?format=json","vulnerability_id":"VCID-6rk4-vb5u-bkg6","summary":"curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client 
certificate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5420.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5420.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5420","reference_id":"","reference_type":"","scores":[{"value":"0.01071","scoring_system":"epss","scoring_elements":"0.7808","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5420"},{"reference_url":"https://curl.se/docs/CVE-2016-5420.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-5420.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362190","reference_id":"1362190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362190"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2575","reference_id":"RHSA-2016:2575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2957","reference_id":"RHSA-2016:2957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2957"}],"fixed_packages":[],"aliases":["CVE-2016-5420"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rk4-vb5u-bkg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6395?format=json","vulnerability_id":"VCID-7jrx-ykk8-h3gp","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8817.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8817.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8817","reference_id":"","reference_type":"","scores":[{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8817"},{"reference_url":"https://curl.se/docs/CVE-2017-8817.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-8817.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515760","reference_id":"1515760","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515760"},{"reference_url":"https://security.archlinux.org/ASA-201711-33","reference_id":"ASA-201711-33","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-33"},{"reference_url":"https://security.archlinux.org/ASA-201711-34","reference_id":"ASA-201711-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-34"},{"reference_url":"https://security.archlinux.org/ASA-201711-35","reference_id":"ASA-201711-35","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-
35"},{"reference_url":"https://security.archlinux.org/ASA-201711-36","reference_id":"ASA-201711-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-36"},{"reference_url":"https://security.archlinux.org/ASA-201711-37","reference_id":"ASA-201711-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-37"},{"reference_url":"https://security.archlinux.org/ASA-201711-38","reference_id":"ASA-201711-38","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-38"},{"reference_url":"https://security.archlinux.org/AVG-521","reference_id":"AVG-521","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-521"},{"reference_url":"https://security.archlinux.org/AVG-522","reference_id":"AVG-522","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-522"},{"reference_url":"https://security.archlinux.org/AVG-523","reference_id":"AVG-523","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-523"},{"reference_url":"https://security.archlinux.org/AVG-524","reference_id":"AVG-524","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-524"},{"reference_url":"https://security.archlinux.org/AVG-525","reference_id":"AVG-525","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-525"},{"reference_url":"https://security.archlinux.org/AVG-526","reference_id":"AVG-526","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-526"}],"fixed_packages":[],"aliases":["CVE-2017-8817"],"risk_score":4.0,
"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jrx-ykk8-h3gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6740?format=json","vulnerability_id":"VCID-av4f-gxku-qbhp","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8624.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8624","reference_id":"","reference_type":"","scores":[{"value":"0.01363","scoring_system":"epss","scoring_elements":"0.80514","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8624"},{"reference_url":"https://curl.se/docs/CVE-2016-8624.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8624.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cve
name.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388390","reference_id":"1388390","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388390"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],
"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-8624"],"r
isk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av4f-gxku-qbhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51070?format=json","vulnerability_id":"VCID-bp2p-twzt-wkap","summary":"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303","reference_id":"","reference_type":"","scores":[{"value":"0.34546","scoring_system":"epss","scoring_elements":"0.97089","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"re
ference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399","reference_id":"1560399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1303.json","reference_id":"CVE-2018-1303","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1303.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"}],"fixed_packages":[],"aliases":["CVE-2018-1303"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/v
ulnerabilities/VCID-bp2p-twzt-wkap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51068?format=json","vulnerability_id":"VCID-bzpc-s4tb-1yhg","summary":"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301","reference_id":"","reference_type":"","scores":[{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91935","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643","reference_id":"1560643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1301.json","reference_id":"CVE-2018-1301","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apac
he.org/security/json/CVE-2018-1301.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"}],"fixed_packages":[],"aliases":["CVE-2018-1301"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzpc-s4tb-1yhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65661?format=json","vulnerability_id":"VCID-dndt-tapy-23d2","summary":"curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a 
session.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5419.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5419","reference_id":"","reference_type":"","scores":[{"value":"0.01912","scoring_system":"epss","scoring_elements":"0.83631","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5419"},{"reference_url":"https://curl.se/docs/CVE-2016-5419.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-5419.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362183","reference_id":"1362183","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362183"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2575","reference_id":"RHSA-2016:2575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2957","reference_id":"RHSA-2016:2957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2957"}],"fixed_packages":[],"aliases":["CVE-2016-5419"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dndt-tapy-23d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6394?format=json","vulnerability_id":"VCID-f8vu-23bb-5ue7","summary":"arbitrary code 
execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8816.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8816","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64147","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8816"},{"reference_url":"https://curl.se/docs/CVE-2017-8816.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-8816.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515757","reference_id":"1515757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515757"},{"reference_url":"https://security.archlinux.org/ASA-201711-36","reference_id":"ASA-201711-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-36"},{"reference_url":"https://security.archlinux.org/ASA-201711-37","reference_id":"ASA-201711-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-37"},{"reference_url":"https://security.archlinux.org/ASA-201711-38","reference_id":"ASA-201711-38","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-2017
11-38"},{"reference_url":"https://security.archlinux.org/AVG-521","reference_id":"AVG-521","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-521"},{"reference_url":"https://security.archlinux.org/AVG-522","reference_id":"AVG-522","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-522"},{"reference_url":"https://security.archlinux.org/AVG-523","reference_id":"AVG-523","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-523"},{"reference_url":"https://security.archlinux.org/AVG-527","reference_id":"AVG-527","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-527"},{"reference_url":"https://security.archlinux.org/AVG-528","reference_id":"AVG-528","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-528"},{"reference_url":"https://security.archlinux.org/AVG-529","reference_id":"AVG-529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-529"}],"fixed_packages":[],"aliases":["CVE-2017-8816"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8vu-23bb-5ue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51066?format=json","vulnerability_id":"VCID-hk7s-5xmv-1kca","summary":"The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. 
This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715","reference_id":"","reference_type":"","scores":[{"value":"0.93618","scoring_system":"epss","scoring_elements":"0.99847","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614","reference_id":"1560614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15715.json","reference_id":"CVE-2017-15715","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15715.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url
":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"}],"fixed_packages":[],"aliases":["CVE-2017-15715"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hk7s-5xmv-1kca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65672?format=json","vulnerability_id":"VCID-mh96-gkf1-9uek","summary":"curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. 
An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000101.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000101.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000101","reference_id":"","reference_type":"","scores":[{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.7133","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000101"},{"reference_url":"https://curl.se/docs/CVE-2017-1000101.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-1000101.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1478309","reference_id":"1478309","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1478309"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871554","reference_id":"871554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871554"},{"reference_url":"https://security.archlinux.org/ASA-201708-16","reference_id":"ASA-201708-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-16"},{"reference_url":"https://security.archlinux.org/AVG-370","reference_id":"AVG-370","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-370"},{"reference_url":"https://security.gentoo.org/glsa/201709-14","reference_id":"GLSA-201709-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-14"}],"fixed_packages":[],"aliases":["CVE-2017-100010
1"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh96-gkf1-9uek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65663?format=json","vulnerability_id":"VCID-mq44-5pmp-2qhh","summary":"Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5421.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5421","reference_id":"","reference_type":"","scores":[{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.78294","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5421"},{"reference_url":"https://curl.se/docs/CVE-2016-5421.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-5421.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362199","reference_id":"1362199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362199"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-5421"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq44-5pmp-2qhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65673?format=json","vulnerability_id":"VCID-naa
c-snjw-qbad","summary":"libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. 
In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000254.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000254","reference_id":"","reference_type":"","scores":[{"value":"0.01318","scoring_system":"epss","scoring_elements":"0.80206","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000254"},{"reference_url":"https://curl.se/docs/CVE-2017-1000254.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-1000254.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1495541","reference_id":"1495541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1495541"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877671","reference_id":"877671","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877671"},{"reference_url":"https://security.archlinux.org/ASA-201710-2","reference_id":"ASA-201710-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-2"},{"reference_url":"https://security.archlinux.org/ASA-201710-3","reference_id":"ASA-201710-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-3"},{"reference_url":"https://security.archlinux.org/ASA-201710-4","reference_id":"ASA-201710-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-4"},{"reference_url":"https://security.archlinux.org/
ASA-201710-5","reference_id":"ASA-201710-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-5"},{"reference_url":"https://security.archlinux.org/ASA-201710-6","reference_id":"ASA-201710-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-6"},{"reference_url":"https://security.archlinux.org/ASA-201710-7","reference_id":"ASA-201710-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-7"},{"reference_url":"https://security.archlinux.org/AVG-371","reference_id":"AVG-371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-371"},{"reference_url":"https://security.archlinux.org/AVG-386","reference_id":"AVG-386","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-386"},{"reference_url":"https://security.archlinux.org/AVG-387","reference_id":"AVG-387","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-387"},{"reference_url":"https://security.archlinux.org/AVG-388","reference_id":"AVG-388","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-388"},{"reference_url":"https://security.archlinux.org/AVG-389","reference_id":"AVG-389","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-389"},{"reference_url":"https://security.archlinux.org/AVG-422","reference_id":"AVG-422","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-422"}],"fixed_packages":[],"aliases":["CVE-2017-1000254"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resourc
e_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-naac-snjw-qbad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51071?format=json","vulnerability_id":"VCID-ndjs-6nmc-9yg1","summary":"When generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312","reference_id":"","reference_type":"","scores":[{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.918","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634","reference_id":"1560634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1312.json","reference_id":"CVE-2018-1312","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/se
curity/json/CVE-2018-1312.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1898","reference_id":"RHSA-2019:1898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1898"}],"fixed_packages":[],"aliases":["CVE-2018-1312"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndjs-6nmc-9yg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51072?format=json","vulnerability_id":"VCID-ny3v-m8gs-3bf2","summary":"By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. 
This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1333","reference_id":"","reference_type":"","scores":[{"value":"0.20811","scoring_system":"epss","scoring_elements":"0.95719","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605048","reference_id":"1605048","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106","reference_id":"904106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106"},{"reference_url":"https://security.archlinux.org/ASA-201807-12","reference_id":"ASA-201807-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201807-12"},{"reference_url":"https://security.archlinux.org/AVG-736","reference_id":"AVG-736","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-736"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1333.json","reference_id":"CVE-2018-1333","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1333.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-20
19:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"}],"fixed_packages":[],"aliases":["CVE-2018-1333"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ny3v-m8gs-3bf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65682?format=json","vulnerability_id":"VCID-p8vk-yf66-wbb7","summary":"A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000121.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000121","reference_id":"","reference_type":"","scores":[{"value":"0.02668","scoring_system":"epss","scoring_elements":"0.86088","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000121"},{"reference_url":"https://curl.se/docs/CVE-2018-1000121.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000121.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552631","reference_id":"1552631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552631"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546","reference_id":"893546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546"},{"reference_url":"https://security.archlinux.org/ASA
-201803-15","reference_id":"ASA-201803-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-15"},{"reference_url":"https://security.archlinux.org/ASA-201803-16","reference_id":"ASA-201803-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-16"},{"reference_url":"https://security.archlinux.org/ASA-201803-17","reference_id":"ASA-201803-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-17"},{"reference_url":"https://security.archlinux.org/ASA-201803-18","reference_id":"ASA-201803-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-18"},{"reference_url":"https://security.archlinux.org/ASA-201803-19","reference_id":"ASA-201803-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-19"},{"reference_url":"https://security.archlinux.org/ASA-201803-20","reference_id":"ASA-201803-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-20"},{"reference_url":"https://security.archlinux.org/AVG-653","reference_id":"AVG-653","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-653"},{"reference_url":"https://security.archlinux.org/AVG-654","reference_id":"AVG-654","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-654"},{"reference_url":"https://security.archlinux.org/AVG-655","reference_id":"AVG-655","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-655"},{"reference_url":"https://security.archlinux.org/AVG-656","reference_id":"AVG-656","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-656"},{"reference_url":"https://security.arc
hlinux.org/AVG-660","reference_id":"AVG-660","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-660"},{"reference_url":"https://security.archlinux.org/AVG-661","reference_id":"AVG-661","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-661"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[],"aliases":["CVE-2018-1000121"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8vk-yf66-wbb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51074?format=json","vulnerability_id":"VCID-pfpr-8td6-t7dc","summary":"By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. 
This only affects a server that has enabled the h2 protocol.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11763.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11763","reference_id":"","reference_type":"","scores":[{"value":"0.22356","scoring_system":"epss","scoring_elements":"0.95927","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633399","reference_id":"1633399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633399"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909591","reference_id":"909591","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909591"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-11763.json","reference_id":"CVE-2018-11763","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-11763.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"}],"fixed_packages":[],"aliases":["CVE-2018-11763"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfpr-8td6-t7dc"},{"url":"http://public2.vulnerablecode.io/api/vulner
abilities/6739?format=json","vulnerability_id":"VCID-q8ja-keyk-fyfb","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8625.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8625.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8625","reference_id":"","reference_type":"","scores":[{"value":"0.01671","scoring_system":"epss","scoring_elements":"0.82463","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8625"},{"reference_url":"https://curl.se/docs/CVE-2016-8625.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8625.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388392","reference_id":"1388392","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388392"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","
scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-201
6-8625"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8ja-keyk-fyfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6746?format=json","vulnerability_id":"VCID-qe9z-wuze-tucq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8616.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8616","reference_id":"","reference_type":"","scores":[{"value":"0.04507","scoring_system":"epss","scoring_elements":"0.89324","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8616"},{"reference_url":"https://curl.se/docs/CVE-2016-8616.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8616.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https:/
/cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388371","reference_id":"1388371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388371"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","refer
ence_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"ali
ases":["CVE-2016-8616"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qe9z-wuze-tucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65681?format=json","vulnerability_id":"VCID-rt5e-saz2-j7c9","summary":"libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000007.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000007","reference_id":"","reference_type":"","scores":[{"value":"0.03854","scoring_system":"epss","scoring_elements":"0.88416","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000007"},{"reference_url":"https://curl.se/docs/CVE-2018-1000007.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000007.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.m
itre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537125","reference_id":"1537125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537125"},{"reference_url":"https://security.archlinux.org/ASA-201801-20","reference_id":"ASA-201801-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-20"},{"reference_url":"https://security.archlinux.org/ASA-201801-22","reference_id":"ASA-201801-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-22"},{"reference_url":"https://security.archlinux.org/ASA-201801-23","reference_id":"ASA-201801-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-23"},{"reference_url":"https://security.archlinux.org/ASA-201801-24","reference_id":"ASA-201801-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-24"},{"reference_url":"https://security.archlinux.org/ASA-201801-25","reference_id":"ASA-201801-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-25"},{"reference_url":"https://security.archlinux.org/ASA-201801-26","reference_id":"ASA-201801-26","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-26"},{"reference_url":"https://security.archlinux.org/AVG-593","reference_id":"AVG-593","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-593"},{"reference_url":"https://security.archlinux.org/AVG-594","reference_id":"AVG-594","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-594"},{"reference_url":"https://security.archlinux.org/AVG-595","reference_id":"AVG-595","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.
archlinux.org/AVG-595"},{"reference_url":"https://security.archlinux.org/AVG-596","reference_id":"AVG-596","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-596"},{"reference_url":"https://security.archlinux.org/AVG-597","reference_id":"AVG-597","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-597"},{"reference_url":"https://security.archlinux.org/AVG-598","reference_id":"AVG-598","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-598"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[],"aliases":["CVE-2018-1000007"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rt5e-saz2-j7c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65665?format=json","vulnerability_id":"VCID-s2gu-8jpq-mub9","summary":"Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer 
overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7167.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7167","reference_id":"","reference_type":"","scores":[{"value":"0.02257","scoring_system":"epss","scoring_elements":"0.8491","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7167"},{"reference_url":"https://curl.se/docs/CVE-2016-7167.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-7167.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375906","reference_id":"1375906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375906"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837945","reference_id":"837945","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837945"},{"reference_url":"https://security.archlinux.org/ASA-201609-18","reference_id":"ASA-201609-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-18"},{"reference_url":"https://security.archlinux.org/ASA-201609-19","reference_id":"ASA-201609-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-19"},{"reference_url":"https://security.archlinux.org/AVG-20","reference_id":"AVG-20","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-20"},{"reference_url":"https://security.archlinux.org/AVG-21","reference_id":"AVG-21","reference_type":"","scores":[{"value":"Low","scoring_system":"archli
nux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-21"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2016","reference_id":"RHSA-2017:2016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2016"}],"fixed_packages":[],"aliases":["CVE-2016-7167"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2gu-8jpq-mub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6744?format=json","vulnerability_id":"VCID-sesh-938m-x3f8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8618.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8618","reference_id":"","reference_type":"","scores":[{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.83176","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8618"},{"reference_url":"https://curl.se/docs/CVE-2016-8618.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8618.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https:
//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388378","reference_id":"1388378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388378"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.arc
hlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-8618"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sesh-938m-x3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6741?format=json","vulnerability_id":"VCID-snsg-c2up-b7cn","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8623.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8623.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8623","reference_id":"","reference_type":"","scores":[{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79018","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8623"},{"reference_url":"https://curl.se/docs/CVE-2016-8623.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8623.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[]
,"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388388","reference_id":"1388388","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388388"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.or
g/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-8623"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snsg-c2up-b7cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65674?format=json","vulnerability_id":"VCID-swmn-7ns9-ekg1","summa
ry":"An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000257.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000257.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000257","reference_id":"","reference_type":"","scores":[{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75438","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000257"},{"reference_url":"https://curl.se/docs/CVE-2017-1000257.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-1000257.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503705","reference_id":"1503705","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503705"},{"reference_url":"https://security.archlinux.org/ASA-201711-10","reference_id":"ASA-201711-10","refe
rence_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-10"},{"reference_url":"https://security.archlinux.org/ASA-201711-11","reference_id":"ASA-201711-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-11"},{"reference_url":"https://security.archlinux.org/ASA-201711-6","reference_id":"ASA-201711-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-6"},{"reference_url":"https://security.archlinux.org/ASA-201711-7","reference_id":"ASA-201711-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-7"},{"reference_url":"https://security.archlinux.org/ASA-201711-8","reference_id":"ASA-201711-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-8"},{"reference_url":"https://security.archlinux.org/ASA-201711-9","reference_id":"ASA-201711-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-9"},{"reference_url":"https://security.archlinux.org/AVG-462","reference_id":"AVG-462","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-462"},{"reference_url":"https://security.archlinux.org/AVG-463","reference_id":"AVG-463","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-463"},{"reference_url":"https://security.archlinux.org/AVG-464","reference_id":"AVG-464","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-464"},{"reference_url":"https://security.archlinux.org/AVG-465","reference_id":"AVG-465","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-465"},{"reference_url":"https://security.archlinux.org/AVG-466","reference_id":"AVG-466","reference_type
":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-466"},{"reference_url":"https://security.archlinux.org/AVG-467","reference_id":"AVG-467","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3263","reference_id":"RHSA-2017:3263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3263"}],"fixed_packages":[],"aliases":["CVE-2017-1000257"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swmn-7ns9-ekg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51065?format=json","vulnerability_id":"VCID-tgwb-8x2b-abfy","summary":"mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. 
In the more likely case, this memory is already reserved for future use and the issue has no effect at all.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710","reference_id":"","reference_type":"","scores":[{"value":"0.13193","scoring_system":"epss","scoring_elements":"0.94263","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599","reference_id":"1560599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15710.json","reference_id":"CVE-2017-15710","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15710.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0
367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"}],"fixed_packages":[],"aliases":["CVE-2017-15710"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgwb-8x2b-abfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43999?format=json","vulnerability_id":"VCID-tn33-re3r-yfhw","summary":"Out-of-bounds Write\nA buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3157","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3558","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1543","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L
/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0544","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0594","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0594"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000120.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000120","reference_id":"","reference_type":"","scores":[{"value":"0.01298","scoring_system":"epss","scoring_elements":"0.80056","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000120"},{"reference_url":"https://curl.haxx.se/docs/adv_2018-9cd6.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://curl.haxx.se/docs/adv_2018-9cd6.html"},{"reference_url":"https://github.com/coapp-packages/curl","reference_id":"","reference_type":"","scores":[{"value":"9.8",
"scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coapp-packages/curl"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html"},{"reference_url":"https://usn.ubuntu.com/3598-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3598-1"},{"reference_url":"https://usn.ubuntu.com/3598-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3598-1/"},{"reference_url":"https://usn.ubuntu.com/3598-2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3598-2"},{"reference_url":"https://usn.ubuntu.com/3598-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3598-2/"},{"reference_url":"https://web.archive.org/web/20201220134105/http://www.securitytracker.com/id/1040531","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201220134105/http://www.securitytracker.com/id/1040531"},{"reference_ur
l":"https://web.archive.org/web/20201220134609/http://www.securityfocus.com/bid/103414","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201220134609/http://www.securityfocus.com/bid/103414"},{"reference_url":"https://www.debian.org/security/2018/dsa-4136","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4136"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advi
sory/cpuoct2019-5072832.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552628","reference_id":"1552628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552628"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546","reference_id":"893546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546"},{"reference_url":"https://security.archlinux.org/ASA-201803-15","reference_id":"ASA-201803-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-15"},{"reference_url":"https://security.archlinux.org/ASA-201803-16","reference_id":"ASA-201803-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-16"},{"reference_url":"https://security.archlinux.org/ASA-201803-17","reference_id":"ASA-201803-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-17"},{"reference_url":"https://security.archlinux.org/ASA-201803-18","reference_id":"ASA-201803-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-18"},{"reference_url":"https:
//security.archlinux.org/ASA-201803-19","reference_id":"ASA-201803-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-19"},{"reference_url":"https://security.archlinux.org/ASA-201803-20","reference_id":"ASA-201803-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-20"},{"reference_url":"https://security.archlinux.org/AVG-653","reference_id":"AVG-653","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-653"},{"reference_url":"https://security.archlinux.org/AVG-654","reference_id":"AVG-654","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-654"},{"reference_url":"https://security.archlinux.org/AVG-655","reference_id":"AVG-655","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-655"},{"reference_url":"https://security.archlinux.org/AVG-656","reference_id":"AVG-656","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-656"},{"reference_url":"https://security.archlinux.org/AVG-660","reference_id":"AVG-660","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-660"},{"reference_url":"https://security.archlinux.org/AVG-661","reference_id":"AVG-661","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-661"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000120","reference_id":"CVE-2018-1000120","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scorin
g_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000120"},{"reference_url":"https://curl.se/docs/CVE-2018-1000120.html","reference_id":"CVE-2018-1000120.HTML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000120.html"},{"reference_url":"https://github.com/advisories/GHSA-674j-7m97-j2p9","reference_id":"GHSA-674j-7m97-j2p9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-674j-7m97-j2p9"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[],"aliases":["CVE-2018-1000120","GHSA-674j-7m97-j2p9"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn33-re3r-yfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65664?format=json","vulnerability_id":"VCID-ugrr-z2zv-6qgp","summary":"curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than 
CVE-2016-5420.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7141.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7141","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67282","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7141"},{"reference_url":"https://curl.se/docs/CVE-2016-7141.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-7141.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1373229","reference_id":"1373229","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1373229"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836918","reference_id":"836918","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836918"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2575","reference_id":"RHSA-2016:2575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2957","reference_id":"RHSA-2016:2957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2957"}],"fixed_packages":[],"aliases":["CVE-2016-7141"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/
VCID-ugrr-z2zv-6qgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6743?format=json","vulnerability_id":"VCID-vfc1-yy11-bycp","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8619.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8619.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8619","reference_id":"","reference_type":"","scores":[{"value":"0.03314","scoring_system":"epss","scoring_elements":"0.87485","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8619"},{"reference_url":"https://curl.se/docs/CVE-2016-8619.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8619.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/
cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388379","reference_id":"1388379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388379"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8",
"reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-8619"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vul
nerabilities/VCID-vfc1-yy11-bycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6745?format=json","vulnerability_id":"VCID-xyze-msxs-1qem","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8617.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8617.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8617","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24672","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8617"},{"reference_url":"https://curl.se/docs/CVE-2016-8617.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8617.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mit
re.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388377","reference_id":"1388377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388377"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org
/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-8617"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulner
ablecode.io/vulnerabilities/VCID-xyze-msxs-1qem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65677?format=json","vulnerability_id":"VCID-zqyj-7rr3-fqew","summary":"The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7407.json","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7407","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7407"},{"reference_url":"https://curl.se/docs/CVE-2017-7407.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-7407.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439190","reference_id":"1439190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439190"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859500","reference_id":"859500","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859500"},{"reference_url":"https://security.gentoo.org/glsa/201709-14","reference_id":"GLSA-201709-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-14"}],"fixed_packages":[],"aliases":["CVE-2017-7407"],"risk_score
":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqyj-7rr3-fqew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6742?format=json","vulnerability_id":"VCID-zv25-wupq-bqfk","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8621.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8621.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8621","reference_id":"","reference_type":"","scores":[{"value":"0.03165","scoring_system":"epss","scoring_elements":"0.87167","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8621"},{"reference_url":"https://curl.se/docs/CVE-2016-8621.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8621.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-b
in/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388385","reference_id":"1388385","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388385"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","score
s":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[],"aliases":["CVE-2016-862
1"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv25-wupq-bqfk"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd24-curl@7.61.1-1%3Farch=el6"}