{"url":"http://public2.vulnerablecode.io/api/packages/165753?format=json","purl":"pkg:rpm/redhat/php54-php@5.4.40-1?arch=el7","type":"rpm","namespace":"redhat","name":"php54-php","version":"5.4.40-1","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113757?format=json","vulnerability_id":"VCID-1nzn-jd11-mudw","summary":"php: SoapClient's do_soap_call() type confusion after unserialize()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4148.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4148.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4148","reference_id":"","reference_type":"","scores":[{"value":"0.11836","scoring_system":"epss","scoring_elements":"0.93853","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11836","scoring_system":"epss","scoring_elements":"0.93863","published_at":"2026-06-05T12:55:00Z"},{"value":"0.11836","scoring_system":"epss","scoring_elements":"0.93862","published_at":"2026-06-07T12:55:00Z"},{"value":"0.11836","scoring_system":"epss","scoring_elements":"0.93861","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11836","scoring_system":"epss","scoring_elements":"0.93867","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4148"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1226916","reference_id":"1226916","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1226916"},{"reference_url":"http://lab.truel.it/d/advisories/TL-2015-PHP04.txt","reference_id":"CVE-2015-4148;OSVDB-125855;OSVDB-119772","reference_type":"exploit","scores":[],"url":"http://lab.truel.it/d/advisories/TL-2015-PHP04.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38304.py","reference_id":"CVE-2015-4148;OSVDB-125855;OSVDB-119772","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38304.py"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4148"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nzn-jd11-mudw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113633?format=json","vulnerability_id":"VCID-4nfu-3upc-k3gz","summary":"php: pipelined request executed in deinitialized interpreter under httpd 2.4","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3330.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3330","reference_id":"","reference_type":"","scores":[{"value":"0.38958","scoring_system":"epss","scoring_elements":"0.97349","published_at":"2026-06-04T12:55:00Z"},{"value":"0.38958","scoring_system":"epss","scoring_elements":"0.97354","published_at":"2026-06-05T12:55:00Z"},{"value":"0.38958","scoring_system":"epss","scoring_elements":"0.97356","published_at":"2026-06-07T12:55:00Z"},{"value":"0.38958","scoring_system":"epss","scoring_elements":"0.97357","published_at":"2026-06-08T12:55:00Z"},{"value":"0.38958","scoring_system":"epss","scoring_elements":"0.97358","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213394","reference_id":"1213394","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213394"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"}],"fixed_packages":[],"aliases":["CVE-2015-3330"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nfu-3upc-k3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113759?format=json","vulnerability_id":"VCID-56d2-mxdk-mufx","summary":"php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2787.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2787.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2787","reference_id":"","reference_type":"","scores":[{"value":"0.26397","scoring_system":"epss","scoring_elements":"0.96417","published_at":"2026-06-04T12:55:00Z"},{"value":"0.26397","scoring_system":"epss","scoring_elements":"0.96421","published_at":"2026-06-05T12:55:00Z"},{"value":"0.26397","scoring_system":"epss","scoring_elements":"0.96425","published_at":"2026-06-06T12:55:00Z"},{"value":"0.26397","scoring_system":"epss","scoring_elements":"0.96426","published_at":"2026-06-08T12:55:00Z"},{"value":"0.26397","scoring_system":"epss","scoring_elements":"0.96432","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207676","reference_id":"1207676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207676"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"}],"fixed_packages":[],"aliases":["CVE-2015-2787"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56d2-mxdk-mufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113940?format=json","vulnerability_id":"VCID-5mwe-2xgb-v3bk","summary":"php: use after free in opcache extension","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1351.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1351","reference_id":"","reference_type":"","scores":[{"value":"0.1203","scoring_system":"epss","scoring_elements":"0.93914","published_at":"2026-06-04T12:55:00Z"},{"value":"0.1203","scoring_system":"epss","scoring_elements":"0.93923","published_at":"2026-06-06T12:55:00Z"},{"value":"0.1203","scoring_system":"epss","scoring_elements":"0.93924","published_at":"2026-06-07T12:55:00Z"},{"value":"0.1203","scoring_system":"epss","scoring_elements":"0.93921","published_at":"2026-06-08T12:55:00Z"},{"value":"0.1203","scoring_system":"epss","scoring_elements":"0.93927","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1351"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185900","reference_id":"1185900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185900"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://usn.ubuntu.com/2501-1/","reference_id":"USN-2501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2501-1/"}],"fixed_packages":[],"aliases":["CVE-2015-1351"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mwe-2xgb-v3bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113635?format=json","vulnerability_id":"VCID-5p3g-543d-t3fk","summary":"php: buffer over-read in Phar metadata parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2783.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2783","reference_id":"","reference_type":"","scores":[{"value":"0.09675","scoring_system":"epss","scoring_elements":"0.93053","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09675","scoring_system":"epss","scoring_elements":"0.93064","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09675","scoring_system":"epss","scoring_elements":"0.93062","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09675","scoring_system":"epss","scoring_elements":"0.93058","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09675","scoring_system":"epss","scoring_elements":"0.93055","published_at":"2026-06-08T12:55:00Z"},{"value":"0.09675","scoring_system":"epss","scoring_elements":"0.93065","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213446","reference_id":"1213446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213446"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"}],"fixed_packages":[],"aliases":["CVE-2015-2783"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p3g-543d-t3fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76120?format=json","vulnerability_id":"VCID-9fcm-gw6g-cqdw","summary":"The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9709.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9709","reference_id":"","reference_type":"","scores":[{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.93926","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.93935","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.93936","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.93933","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.9394","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1188639","reference_id":"1188639","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1188639"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://security.gentoo.org/glsa/201607-04","reference_id":"GLSA-201607-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2987-1/","reference_id":"USN-2987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2987-1/"}],"fixed_packages":[],"aliases":["CVE-2014-9709"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fcm-gw6g-cqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113760?format=json","vulnerability_id":"VCID-ba6x-3u5h-c3hz","summary":"php: move_uploaded_file() NUL byte injection in file name","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2348.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2348.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2348","reference_id":"","reference_type":"","scores":[{"value":"0.05553","scoring_system":"epss","scoring_elements":"0.90435","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05553","scoring_system":"epss","scoring_elements":"0.9045","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05553","scoring_system":"epss","scoring_elements":"0.90451","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05553","scoring_system":"epss","scoring_elements":"0.90448","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05553","scoring_system":"epss","scoring_elements":"0.90446","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05553","scoring_system":"epss","scoring_elements":"0.90463","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207682","reference_id":"1207682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207682"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"}],"fixed_packages":[],"aliases":["CVE-2015-2348"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba6x-3u5h-c3hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113943?format=json","vulnerability_id":"VCID-bddf-r47f-7qek","summary":"php: out of bounds read when parsing a crafted .php file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9427.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9427.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9427","reference_id":"","reference_type":"","scores":[{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86814","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86837","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86834","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86832","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86821","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86833","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1178736","reference_id":"1178736","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1178736"},{"reference_url":"https://security.gentoo.org/glsa/201503-03","reference_id":"GLSA-201503-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://usn.ubuntu.com/2501-1/","reference_id":"USN-2501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2501-1/"}],"fixed_packages":[],"aliases":["CVE-2014-9427"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bddf-r47f-7qek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67908?format=json","vulnerability_id":"VCID-cb7e-afyx-eueb","summary":"The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4605.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4605","reference_id":"","reference_type":"","scores":[{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92815","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92822","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92818","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92816","published_at":"2026-06-08T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.9283","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4605"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213442","reference_id":"1213442","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4605"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cb7e-afyx-eueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113712?format=json","vulnerability_id":"VCID-cj9r-fd3m-4qag","summary":"php: Incomplete Class unserialization type confusion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4602.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4602","reference_id":"","reference_type":"","scores":[{"value":"0.11011","scoring_system":"epss","scoring_elements":"0.9357","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11011","scoring_system":"epss","scoring_elements":"0.9358","published_at":"2026-06-06T12:55:00Z"},{"value":"0.11011","scoring_system":"epss","scoring_elements":"0.93578","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11011","scoring_system":"epss","scoring_elements":"0.93585","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4602"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232923","reference_id":"1232923","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232923"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4602"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj9r-fd3m-4qag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113856?format=json","vulnerability_id":"VCID-d3u3-717d-gkby","summary":"php: use after free in phar_object.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2301.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2301","reference_id":"","reference_type":"","scores":[{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93645","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93655","published_at":"2026-06-06T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93653","published_at":"2026-06-07T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93652","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.9366","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194747","reference_id":"1194747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194747"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2535-1/","reference_id":"USN-2535-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2535-1/"}],"fixed_packages":[],"aliases":["CVE-2015-2301"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3u3-717d-gkby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113758?format=json","vulnerability_id":"VCID-fmpv-r6d9-uyen","summary":"php: exception:: getTraceAsString type confusion issue after unserialize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4603.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4603.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4603","reference_id":"","reference_type":"","scores":[{"value":"0.08129","scoring_system":"epss","scoring_elements":"0.92314","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08129","scoring_system":"epss","scoring_elements":"0.92329","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08129","scoring_system":"epss","scoring_elements":"0.92326","published_at":"2026-06-06T12:55:00Z"},{"value":"0.08129","scoring_system":"epss","scoring_elements":"0.92322","published_at":"2026-06-08T12:55:00Z"},{"value":"0.08129","scoring_system":"epss","scoring_elements":"0.92336","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4603"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232918","reference_id":"1232918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4603"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmpv-r6d9-uyen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113936?format=json","vulnerability_id":"VCID-fs7a-5j64-23bt","summary":"php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0231.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0231.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0231","reference_id":"","reference_type":"","scores":[{"value":"0.87334","scoring_system":"epss","scoring_elements":"0.9947","published_at":"2026-06-04T12:55:00Z"},{"value":"0.87334","scoring_system":"epss","scoring_elements":"0.99471","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185397","reference_id":"1185397","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185397"},{"reference_url":"https://security.gentoo.org/glsa/201503-03","reference_id":"GLSA-201503-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-03"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://usn.ubuntu.com/2501-1/","reference_id":"USN-2501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2501-1/"}],"fixed_packages":[],"aliases":["CVE-2015-0231"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fs7a-5j64-23bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67905?format=json","vulnerability_id":"VCID-gc82-p6sr-c7ew","summary":"The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9652.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9652","reference_id":"","reference_type":"","scores":[{"value":"0.06907","scoring_system":"epss","scoring_elements":"0.91551","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06907","scoring_system":"epss","scoring_elements":"0.91564","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06907","scoring_system":"epss","scoring_elements":"0.91566","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06907","scoring_system":"epss","scoring_elements":"0.91562","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06907","scoring_system":"epss","scoring_elements":"0.91559","published_at":"2026-06-08T12:55:00Z"},{"value":"0.06907","scoring_system":"epss","scoring_elements":"0.91575","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1188599","reference_id":"1188599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1188599"},{"reference_url":"https://security.gentoo.org/glsa/201701-42","reference_id":"GLSA-201701-42","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-42"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2155","reference_id":"RHSA-2015:2155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2155"},{"reference_url":"https://usn.ubuntu.com/2501-1/","reference_id":"USN-2501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2501-1/"}],"fixed_packages":[],"aliases":["CVE-2014-9652"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gc82-p6sr-c7ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113640?format=json","vulnerability_id":"VCID-hyvw-ued7-abhg","summary":"php: missing null byte checks for paths in various PHP extensions","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3412.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3412","reference_id":"","reference_type":"","scores":[{"value":"0.01006","scoring_system":"epss","scoring_elements":"0.77395","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01006","scoring_system":"epss","scoring_elements":"0.77422","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01006","scoring_system":"epss","scoring_elements":"0.77432","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01006","scoring_system":"epss","scoring_elements":"0.77413","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01006","scoring_system":"epss","scoring_elements":"0.77434","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3412"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232823","reference_id":"1232823","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-3412"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyvw-ued7-abhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113812?format=json","vulnerability_id":"VCID-jw2h-aquc-bucz","summary":"php: HTTP response splitting in header() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8935.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8935","reference_id":"","reference_type":"","scores":[{"value":"0.01115","scoring_system":"epss","scoring_elements":"0.78532","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01115","scoring_system":"epss","scoring_elements":"0.78558","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01115","scoring_system":"epss","scoring_elements":"0.78566","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01115","scoring_system":"epss","scoring_elements":"0.78556","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01115","scoring_system":"epss","scoring_elements":"0.78544","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01115","scoring_system":"epss","scoring_elements":"0.78562","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8935"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348927","reference_id":"1348927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://usn.ubuntu.com/3045-1/","reference_id":"USN-3045-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3045-1/"}],"fixed_packages":[],"aliases":["CVE-2015-8935"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jw2h-aquc-bucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113937?format=json","vulnerability_id":"VCID-k256-kf2y-syaa","summary":"php: Free called on unitialized pointer in exif.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0232.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0232.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0232","reference_id":"","reference_type":"","scores":[{"value":"0.66946","scoring_system":"epss","scoring_elements":"0.98569","published_at":"2026-06-04T12:55:00Z"},{"value":"0.66946","scoring_system":"epss","scoring_elements":"0.98571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.66946","scoring_system":"epss","scoring_elements":"0.9857","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185472","reference_id":"1185472","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185472"},{"reference_url":"https://security.gentoo.org/glsa/201503-03","reference_id":"GLSA-201503-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2501-1/","reference_id":"USN-2501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2501-1/"}],"fixed_packages":[],"aliases":["CVE-2015-0232"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k256-kf2y-syaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113637?format=json","vulnerability_id":"VCID-mbcp-3mzm-wyfw","summary":"php: type confusion issue in unserialize() with various SOAP methods","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4599.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4599.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4599","reference_id":"","reference_type":"","scores":[{"value":"0.06568","scoring_system":"epss","scoring_elements":"0.91311","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06568","scoring_system":"epss","scoring_elements":"0.91324","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06568","scoring_system":"epss","scoring_elements":"0.91326","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06568","scoring_system":"epss","scoring_elements":"0.91321","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06568","scoring_system":"epss","scoring_elements":"0.91317","published_at":"2026-06-08T12:55:00Z"},{"value":"0.06568","scoring_system":"epss","scoring_elements":"0.91332","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4599"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222538","reference_id":"1222538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4599"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbcp-3mzm-wyfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113942?format=json","vulnerability_id":"VCID-mvan-s6cw-dqgg","summary":"php: use after free vulnerability in unserialize()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8142.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8142","reference_id":"","reference_type":"","scores":[{"value":"0.8832","scoring_system":"epss","scoring_elements":"0.99512","published_at":"2026-06-04T12:55:00Z"},{"value":"0.8832","scoring_system":"epss","scoring_elements":"0.99513","published_at":"2026-06-05T12:55:00Z"},{"value":"0.8832","scoring_system":"epss","scoring_elements":"0.99514","published_at":"2026-06-08T12:55:00Z"},{"value":"0.8832","scoring_system":"epss","scoring_elements":"0.99515","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1175718","reference_id":"1175718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1175718"},{"reference_url":"https://security.gentoo.org/glsa/201503-03","reference_id":"GLSA-201503-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://usn.ubuntu.com/2501-1/","reference_id":"USN-2501-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2501-1/"}],"fixed_packages":[],"aliases":["CVE-2014-8142"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvan-s6cw-dqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113634?format=json","vulnerability_id":"VCID-nwnk-8fjq-yqh2","summary":"php: missing null byte checks for paths in various PHP extensions","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3411.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3411.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3411","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52451","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5251","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52519","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52499","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52471","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52493","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3411"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213407","reference_id":"1213407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-3411"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwnk-8fjq-yqh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67907?format=json","vulnerability_id":"VCID-r4vw-w73c-23bw","summary":"The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4604.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4604.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4604","reference_id":"","reference_type":"","scores":[{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92815","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92822","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92818","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.92816","published_at":"2026-06-08T12:55:00Z"},{"value":"0.09106","scoring_system":"epss","scoring_elements":"0.9283","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4604"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213442","reference_id":"1213442","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4604"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4vw-w73c-23bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113954?format=json","vulnerability_id":"VCID-ree2-2t6w-gffp","summary":"php: heap buffer overflow in enchant_broker_request_dict()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9705.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9705","reference_id":"","reference_type":"","scores":[{"value":"0.26968","scoring_system":"epss","scoring_elements":"0.96467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.26968","scoring_system":"epss","scoring_elements":"0.96471","published_at":"2026-06-05T12:55:00Z"},{"value":"0.26968","scoring_system":"epss","scoring_elements":"0.96475","published_at":"2026-06-06T12:55:00Z"},{"value":"0.26968","scoring_system":"epss","scoring_elements":"0.96476","published_at":"2026-06-08T12:55:00Z"},{"value":"0.26968","scoring_system":"epss","scoring_elements":"0.96481","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194737","reference_id":"1194737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194737"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2535-1/","reference_id":"USN-2535-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2535-1/"}],"fixed_packages":[],"aliases":["CVE-2014-9705"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ree2-2t6w-gffp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58557?format=json","vulnerability_id":"VCID-rrcw-n2jt-sfde","summary":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305","reference_id":"","reference_type":"","scores":[{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.95937","published_at":"2026-06-04T12:55:00Z"},{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.95942","published_at":"2026-06-05T12:55:00Z"},{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.95945","published_at":"2026-06-08T12:55:00Z"},{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.9595","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191049","reference_id":"1191049","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191049"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397","reference_id":"778397","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402","reference_id":"778402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406","reference_id":"778406","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408","reference_id":"778408","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409","reference_id":"778409","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412","reference_id":"778412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"},{"reference_url":"https://usn.ubuntu.com/2594-1/","reference_id":"USN-2594-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2594-1/"}],"fixed_packages":[],"aliases":["CVE-2015-2305"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrcw-n2jt-sfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113764?format=json","vulnerability_id":"VCID-vrkg-reyp-rbbz","summary":"php: use after free vulnerability in unserialize() with DateTimeZone","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0273.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0273.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0273","reference_id":"","reference_type":"","scores":[{"value":"0.60759","scoring_system":"epss","scoring_elements":"0.9832","published_at":"2026-06-04T12:55:00Z"},{"value":"0.60759","scoring_system":"epss","scoring_elements":"0.98323","published_at":"2026-06-07T12:55:00Z"},{"value":"0.60759","scoring_system":"epss","scoring_elements":"0.98324","published_at":"2026-06-08T12:55:00Z"},{"value":"0.60759","scoring_system":"epss","scoring_elements":"0.98321","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194730","reference_id":"1194730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1194730"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/36158.txt","reference_id":"CVE-2015-0273;OSVDB-118589","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/36158.txt"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2535-1/","reference_id":"USN-2535-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2535-1/"}],"fixed_packages":[],"aliases":["CVE-2015-0273"],"risk_score":1.0,"exploitability":"2.0","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrkg-reyp-rbbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113636?format=json","vulnerability_id":"VCID-wx7w-pq4c-37bc","summary":"php: buffer overflow in phar_set_inode()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3329.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3329.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3329","reference_id":"","reference_type":"","scores":[{"value":"0.2878","scoring_system":"epss","scoring_elements":"0.96637","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2878","scoring_system":"epss","scoring_elements":"0.96641","published_at":"2026-06-05T12:55:00Z"},{"value":"0.2878","scoring_system":"epss","scoring_elements":"0.96645","published_at":"2026-06-08T12:55:00Z"},{"value":"0.2878","scoring_system":"epss","scoring_elements":"0.9665","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213449","reference_id":"1213449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1213449"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"}],"fixed_packages":[],"aliases":["CVE-2015-3329"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wx7w-pq4c-37bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113755?format=json","vulnerability_id":"VCID-xa3s-e69f-ukar","summary":"php: SoapClient's __call() type confusion through unserialize()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4147.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4147","reference_id":"","reference_type":"","scores":[{"value":"0.47996","scoring_system":"epss","scoring_elements":"0.97778","published_at":"2026-06-04T12:55:00Z"},{"value":"0.47996","scoring_system":"epss","scoring_elements":"0.97782","published_at":"2026-06-05T12:55:00Z"},{"value":"0.47996","scoring_system":"epss","scoring_elements":"0.97783","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4147"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1204868","reference_id":"1204868","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1204868"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4147"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xa3s-e69f-ukar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113638?format=json","vulnerability_id":"VCID-xfkn-u7rh-6bcj","summary":"php: type confusion issue in unserialize() with various SOAP methods","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4600.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4600","reference_id":"","reference_type":"","scores":[{"value":"0.10739","scoring_system":"epss","scoring_elements":"0.93468","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10739","scoring_system":"epss","scoring_elements":"0.93479","published_at":"2026-06-06T12:55:00Z"},{"value":"0.10739","scoring_system":"epss","scoring_elements":"0.93477","published_at":"2026-06-07T12:55:00Z"},{"value":"0.10739","scoring_system":"epss","scoring_elements":"0.93476","published_at":"2026-06-08T12:55:00Z"},{"value":"0.10739","scoring_system":"epss","scoring_elements":"0.93483","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4600"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222538","reference_id":"1222538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4600"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfkn-u7rh-6bcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113639?format=json","vulnerability_id":"VCID-y1ye-8a37-aua9","summary":"php: type confusion issue in unserialize() with various SOAP methods","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4601.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4601.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4601","reference_id":"","reference_type":"","scores":[{"value":"0.21375","scoring_system":"epss","scoring_elements":"0.95804","published_at":"2026-06-04T12:55:00Z"},{"value":"0.21375","scoring_system":"epss","scoring_elements":"0.95809","published_at":"2026-06-05T12:55:00Z"},{"value":"0.21375","scoring_system":"epss","scoring_elements":"0.95813","published_at":"2026-06-08T12:55:00Z"},{"value":"0.21375","scoring_system":"epss","scoring_elements":"0.95818","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4601"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222538","reference_id":"1222538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1222538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2658-1/","reference_id":"USN-2658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2658-1/"}],"fixed_packages":[],"aliases":["CVE-2015-4601"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ye-8a37-aua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113595?format=json","vulnerability_id":"VCID-ydku-1rdq-nkek","summary":"php: invalid pointer free() in phar_tar_process_metadata()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3307.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3307.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3307","reference_id":"","reference_type":"","scores":[{"value":"0.18407","scoring_system":"epss","scoring_elements":"0.95356","published_at":"2026-06-04T12:55:00Z"},{"value":"0.18407","scoring_system":"epss","scoring_elements":"0.95364","published_at":"2026-06-05T12:55:00Z"},{"value":"0.18407","scoring_system":"epss","scoring_elements":"0.95366","published_at":"2026-06-06T12:55:00Z"},{"value":"0.18407","scoring_system":"epss","scoring_elements":"0.95369","published_at":"2026-06-08T12:55:00Z"},{"value":"0.18407","scoring_system":"epss","scoring_elements":"0.95373","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223441","reference_id":"1223441","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1186","reference_id":"RHSA-2015:1186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1187","reference_id":"RHSA-2015:1187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"}],"fixed_packages":[],"aliases":["CVE-2015-3307"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydku-1rdq-nkek"}],"fixing_vulnerabilities":[],"risk_score":"1.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php54-php@5.4.40-1%3Farch=el7"}