{"url":"http://public2.vulnerablecode.io/api/packages/158397?format=json","purl":"pkg:rpm/redhat/katello-selinux@3.0.1.2-1?arch=el7sat","type":"rpm","namespace":"redhat","name":"katello-selinux","version":"3.0.1.2-1","qualifiers":{"arch":"el7sat"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113374?format=json","vulnerability_id":"VCID-3bv2-p78x-m7a3","summary":"foreman: XSS in hidden parameter value switcher","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5282","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63089","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63134","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63142","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264221","reference_id":"1264221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264221"}],"fixed_packages":[],"aliases":["CVE-2015-5282"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3bv2-p78x-m7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112927?format=json","vulnerability_id":"VCID-cemf-td1j-v3d6","summary":"pulp: Node certificate containing private key stored in world-readable file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3107","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09207","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0925","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09269","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3107"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325930","reference_id":"1325930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325930"}],"fixed_packages":[],"aliases":["CVE-2016-3107"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cemf-td1j-v3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112928?format=json","vulnerability_id":"VCID-jxfe-1nds-nyew","summary":"pulp: Insecure temporary file used when generating certificate for Pulp Nodes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3108","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12861","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12866","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325934","reference_id":"1325934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325934"}],"fixed_packages":[],"aliases":["CVE-2016-3108"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxfe-1nds-nyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112930?format=json","vulnerability_id":"VCID-qejk-hsck-qqad","summary":"pulp: Race condition when generating RSA keys for authenticating messages between server and consumers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3111","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15166","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15252","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15242","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326251","reference_id":"1326251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326251"}],"fixed_packages":[],"aliases":["CVE-2016-3111"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qejk-hsck-qqad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112929?format=json","vulnerability_id":"VCID-w8ek-nxjq-ryfd","summary":"pulp: Agent certificate containing private key is stored in world-readable file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3112","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62303","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62349","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62356","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326242","reference_id":"1326242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326242"}],"fixed_packages":[],"aliases":["CVE-2016-3112"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ek-nxjq-ryfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112870?format=json","vulnerability_id":"VCID-xwfr-csmn-xbea","summary":"foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3728","reference_id":"","reference_type":"","scores":[{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83999","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.84022","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.84025","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3728"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333378","reference_id":"1333378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333378"}],"fixed_packages":[],"aliases":["CVE-2016-3728"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwfr-csmn-xbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113483?format=json","vulnerability_id":"VCID-yz4x-tk7k-3uc2","summary":"Foreman: API permits HTTP requests when require_ssl is enabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5152","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52797","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52858","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52864","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5152"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243571","reference_id":"1243571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243571"}],"fixed_packages":[],"aliases":["CVE-2015-5152"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yz4x-tk7k-3uc2"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/katello-selinux@3.0.1.2-1%3Farch=el7sat"}