{"url":"http://public2.vulnerablecode.io/api/packages/184741?format=json","purl":"pkg:rpm/redhat/python@2.4.3-43?arch=el5","type":"rpm","namespace":"redhat","name":"python","version":"2.4.3-43","qualifiers":{"arch":"el5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116938?format=json","vulnerability_id":"VCID-9qyx-2zhx-5qag","summary":"python: untrusted python modules search path","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5983.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5983.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5983","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30293","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30367","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30332","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=482814","reference_id":"482814","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=482814"},{"reference_url":"https://security.gentoo.org/glsa/200903-41","reference_id":"GLSA-200903-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200903-41"},{"reference_url":"https://security.gentoo.org/glsa/200904-06","reference_id":"GLSA-200904-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0027","reference_id":"RHSA-2011:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0027"},{"reference_url":"https://usn.ubuntu.com/1596-1/","reference_id":"USN-1596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1596-1/"},{"reference_url":"https://usn.ubuntu.com/1613-1/","reference_id":"USN-1613-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1613-1/"},{"reference_url":"https://usn.ubuntu.com/1613-2/","reference_id":"USN-1613-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1613-2/"},{"reference_url":"https://usn.ubuntu.com/1616-1/","reference_id":"USN-1616-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1616-1/"}],"fixed_packages":[],"aliases":["CVE-2008-5983"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyx-2zhx-5qag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98982?format=json","vulnerability_id":"VCID-d5nm-cwte-qudf","summary":"Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4134.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4134.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4134","reference_id":"","reference_type":"","scores":[{"value":"0.02612","scoring_system":"epss","scoring_elements":"0.85927","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02612","scoring_system":"epss","scoring_elements":"0.85949","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02612","scoring_system":"epss","scoring_elements":"0.85953","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4134"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=541698","reference_id":"541698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=541698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0027","reference_id":"RHSA-2011:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0027"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0260","reference_id":"RHSA-2011:0260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0260"}],"fixed_packages":[],"aliases":["CVE-2009-4134"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5nm-cwte-qudf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98986?format=json","vulnerability_id":"VCID-hgg5-afas-gqem","summary":"Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1634.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1634.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1634","reference_id":"","reference_type":"","scores":[{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.7935","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.79378","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01215","scoring_system":"epss","scoring_elements":"0.79383","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=590690","reference_id":"590690","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=590690"},{"reference_url":"https://security.gentoo.org/glsa/201401-04","reference_id":"GLSA-201401-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0027","reference_id":"RHSA-2011:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0027"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0491","reference_id":"RHSA-2011:0491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0491"},{"reference_url":"https://usn.ubuntu.com/1596-1/","reference_id":"USN-1596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1596-1/"},{"reference_url":"https://usn.ubuntu.com/1613-1/","reference_id":"USN-1613-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1613-1/"},{"reference_url":"https://usn.ubuntu.com/1613-2/","reference_id":"USN-1613-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1613-2/"},{"reference_url":"https://usn.ubuntu.com/1616-1/","reference_id":"USN-1616-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1616-1/"}],"fixed_packages":[],"aliases":["CVE-2010-1634"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgg5-afas-gqem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98983?format=json","vulnerability_id":"VCID-kz5q-q45c-jub6","summary":"Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1449.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1449.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1449","reference_id":"","reference_type":"","scores":[{"value":"0.03785","scoring_system":"epss","scoring_elements":"0.88273","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03785","scoring_system":"epss","scoring_elements":"0.88292","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03785","scoring_system":"epss","scoring_elements":"0.88295","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1449"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=541698","reference_id":"541698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=541698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0027","reference_id":"RHSA-2011:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0027"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0260","reference_id":"RHSA-2011:0260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0260"}],"fixed_packages":[],"aliases":["CVE-2010-1449"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kz5q-q45c-jub6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98987?format=json","vulnerability_id":"VCID-pzy5-zxy9-g7hx","summary":"The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2089.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2089.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2089","reference_id":"","reference_type":"","scores":[{"value":"0.09965","scoring_system":"epss","scoring_elements":"0.93176","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09965","scoring_system":"epss","scoring_elements":"0.93187","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2089"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=598197","reference_id":"598197","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=598197"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/34145.txt","reference_id":"CVE-2010-2089;OSVDB-65151","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/34145.txt"},{"reference_url":"https://www.securityfocus.com/bid/40863/info","reference_id":"CVE-2010-2089;OSVDB-65151","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/40863/info"},{"reference_url":"https://security.gentoo.org/glsa/201401-04","reference_id":"GLSA-201401-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0027","reference_id":"RHSA-2011:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0027"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0491","reference_id":"RHSA-2011:0491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0491"},{"reference_url":"https://usn.ubuntu.com/1596-1/","reference_id":"USN-1596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1596-1/"},{"reference_url":"https://usn.ubuntu.com/1613-1/","reference_id":"USN-1613-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1613-1/"},{"reference_url":"https://usn.ubuntu.com/1613-2/","reference_id":"USN-1613-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1613-2/"},{"reference_url":"https://usn.ubuntu.com/1616-1/","reference_id":"USN-1616-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1616-1/"}],"fixed_packages":[],"aliases":["CVE-2010-2089"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzy5-zxy9-g7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98984?format=json","vulnerability_id":"VCID-ydue-93bt-e7h8","summary":"Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1450.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1450.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1450","reference_id":"","reference_type":"","scores":[{"value":"0.02822","scoring_system":"epss","scoring_elements":"0.86429","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02822","scoring_system":"epss","scoring_elements":"0.86452","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02822","scoring_system":"epss","scoring_elements":"0.86453","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1450"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=541698","reference_id":"541698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=541698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0027","reference_id":"RHSA-2011:0027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0027"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0260","reference_id":"RHSA-2011:0260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0260"}],"fixed_packages":[],"aliases":["CVE-2010-1450"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydue-93bt-e7h8"}],"fixing_vulnerabilities":[],"risk_score":"0.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python@2.4.3-43%3Farch=el5"}