{"url":"http://public2.vulnerablecode.io/api/packages/158459?format=json","purl":"pkg:rpm/redhat/qpid-qmf@0.30-5?arch=el6","type":"rpm","namespace":"redhat","name":"qpid-qmf","version":"0.30-5","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113765?format=json","vulnerability_id":"VCID-2nna-s9bv-sycc","summary":"foreman: lack of SSL certificate validation when performing LDAPS authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1816","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44331","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1208602","reference_id":"1208602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1208602"}],"fixed_packages":[],"aliases":["CVE-2015-1816"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2nna-s9bv-sycc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113374?format=json","vulnerability_id":"VCID-3bv2-p78x-m7a3","summary":"foreman: XSS in hidden parameter value switcher","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5282","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63089","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63134","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264221","reference_id":"1264221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264221"}],"fixed_packages":[],"aliases":["CVE-2015-5282"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3bv2-p78x-m7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114060?format=json","vulnerability_id":"VCID-bumt-76s4-47da","summary":"foreman: cross-site scripting (XSS) flaw in template preview screen","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3653","reference_id":"","reference_type":"","scores":[{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60331","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60377","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145398","reference_id":"1145398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145398"}],"fixed_packages":[],"aliases":["CVE-2014-3653"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bumt-76s4-47da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112927?format=json","vulnerability_id":"VCID-cemf-td1j-v3d6","summary":"pulp: Node certificate containing private key stored in world-readable file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3107","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09207","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0925","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3107"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325930","reference_id":"1325930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325930"}],"fixed_packages":[],"aliases":["CVE-2016-3107"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cemf-td1j-v3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112928?format=json","vulnerability_id":"VCID-jxfe-1nds-nyew","summary":"pulp: Insecure temporary file used when generating certificate for Pulp Nodes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3108","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12861","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325934","reference_id":"1325934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325934"}],"fixed_packages":[],"aliases":["CVE-2016-3108"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxfe-1nds-nyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113555?format=json","vulnerability_id":"VCID-m7u7-uh4a-8yhe","summary":"foreman: edit_users permission allows changing of admin passwords","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3235","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68959","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68998","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3235"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232366","reference_id":"1232366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232366"}],"fixed_packages":[],"aliases":["CVE-2015-3235"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7u7-uh4a-8yhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112930?format=json","vulnerability_id":"VCID-qejk-hsck-qqad","summary":"pulp: Race condition when generating RSA keys for authenticating messages between server and consumers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3111","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15166","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15252","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326251","reference_id":"1326251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326251"}],"fixed_packages":[],"aliases":["CVE-2016-3111"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qejk-hsck-qqad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113707?format=json","vulnerability_id":"VCID-qjt7-u7kg-4kb9","summary":"foreman: API not scoping resources to taxonomies","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1844","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49702","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49765","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1844"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207589","reference_id":"1207589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207589"}],"fixed_packages":[],"aliases":["CVE-2015-1844"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjt7-u7kg-4kb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113626?format=json","vulnerability_id":"VCID-r6rk-smsu-m7d5","summary":"foreman: the _session_id cookie is issued without the Secure flag","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3155","reference_id":"","reference_type":"","scores":[{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68622","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68663","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3155"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216035","reference_id":"1216035","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216035"}],"fixed_packages":[],"aliases":["CVE-2015-3155"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6rk-smsu-m7d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34882?format=json","vulnerability_id":"VCID-sfq1-wcc6-jkdt","summary":"The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1592","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1592"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4346"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"0.005","scoring_system":"epss","scoring_elements":"0.663","published_at":"2026-06-04T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4346"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007746","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007746"},{"reference_url":"https://github.com/joestump/python-oauth2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-85.yaml"},{"reference_url":"https://github.com/simplegeo/python-oauth2/issues/129","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/issues/129"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4346"},{"reference_url":"https://web.archive.org/web/20200228063302/http://www.securityfocus.com/bid/62386","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228063302/http://www.securityfocus.com/bid/62386"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/09/12/7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/09/12/7"},{"reference_url":"http://www.securityfocus.com/bid/62386","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/62386"},{"reference_url":"https://github.com/advisories/GHSA-4433-4cxq-vv73","reference_id":"GHSA-4433-4cxq-vv73","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4433-4cxq-vv73"}],"fixed_packages":[],"aliases":["CVE-2013-4346","GHSA-4433-4cxq-vv73","PYSEC-2014-85"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfq1-wcc6-jkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114111?format=json","vulnerability_id":"VCID-u4r1-a2p1-q7cm","summary":"rhn_satellite_6: cross-site request forgery (CSRF) can force logout","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3590","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47631","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47695","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128108","reference_id":"1128108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128108"}],"fixed_packages":[],"aliases":["CVE-2014-3590"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4r1-a2p1-q7cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112929?format=json","vulnerability_id":"VCID-w8ek-nxjq-ryfd","summary":"pulp: Agent certificate containing private key is stored in world-readable file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3112","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62303","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62349","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326242","reference_id":"1326242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326242"}],"fixed_packages":[],"aliases":["CVE-2016-3112"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ek-nxjq-ryfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112870?format=json","vulnerability_id":"VCID-xwfr-csmn-xbea","summary":"foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3728","reference_id":"","reference_type":"","scores":[{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83999","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.84022","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3728"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333378","reference_id":"1333378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333378"}],"fixed_packages":[],"aliases":["CVE-2016-3728"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwfr-csmn-xbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34883?format=json","vulnerability_id":"VCID-y65f-py17-z7d5","summary":"The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1592","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1592"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4347"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63016","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62974","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4347"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007758","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007758"},{"reference_url":"https://github.com/joestump/python-oauth2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2"},{"reference_url":"https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml"},{"reference_url":"https://github.com/simplegeo/python-oauth2/issues/9","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/issues/9"},{"reference_url":"https://github.com/simplegeo/python-oauth2/pull/146","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/pull/146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4347"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/09/12/7","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/09/12/7"},{"reference_url":"http://www.securityfocus.com/bid/62388","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/62388"},{"reference_url":"https://github.com/advisories/GHSA-rv8h-p43r-4x5r","reference_id":"GHSA-rv8h-p43r-4x5r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rv8h-p43r-4x5r"}],"fixed_packages":[],"aliases":["CVE-2013-4347","GHSA-rv8h-p43r-4x5r","PYSEC-2014-86"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y65f-py17-z7d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113483?format=json","vulnerability_id":"VCID-yz4x-tk7k-3uc2","summary":"Foreman: API permits HTTP requests when require_ssl is enabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5152","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52797","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52858","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5152"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243571","reference_id":"1243571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243571"}],"fixed_packages":[],"aliases":["CVE-2015-5152"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yz4x-tk7k-3uc2"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qpid-qmf@0.30-5%3Farch=el6"}