{"url":"http://public2.vulnerablecode.io/api/packages/235580?format=json","purl":"pkg:rpm/redhat/puppetlabs-stdlib@4.2.1-1.20140510git08b00d9?arch=el6_6sat","type":"rpm","namespace":"redhat","name":"puppetlabs-stdlib","version":"4.2.1-1.20140510git08b00d9","qualifiers":{"arch":"el6_6sat"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66747?format=json","vulnerability_id":"VCID-2n4u-hdec-1yg4","summary":"foreman: XSS in hidden parameter value switcher","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5282","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63039","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264221","reference_id":"1264221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264221"}],"fixed_packages":[],"aliases":["CVE-2015-5282"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n4u-hdec-1yg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3365?format=json","vulnerability_id":"VCID-2pw6-nfst-hqcv","summary":"The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1592","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1592"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4346"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66238","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4346"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007746","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007746"},{"reference_url":"https://github.com/joestump/python-oauth2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-85.yaml"},{"reference_url":"https://github.com/simplegeo/python-oauth2/issues/129","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/issues/129"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4346","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4346"},{"reference_url":"https://web.archive.org/web/20200228063302/http://www.securityfocus.com/bid/62386","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228063302/http://www.securityfocus.com/bid/62386"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/09/12/7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/09/12/7"},{"reference_url":"http://www.securityfocus.com/bid/62386","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/62386"},{"reference_url":"https://github.com/advisories/GHSA-4433-4cxq-vv73","reference_id":"GHSA-4433-4cxq-vv73","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4433-4cxq-vv73"}],"fixed_packages":[],"aliases":["CVE-2013-4346","GHSA-4433-4cxq-vv73","PYSEC-2014-85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pw6-nfst-hqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67262?format=json","vulnerability_id":"VCID-3xcu-6pfz-nue6","summary":"foreman: the _session_id cookie is issued without the Secure flag","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3155","reference_id":"","reference_type":"","scores":[{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68557","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3155"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216035","reference_id":"1216035","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216035"}],"fixed_packages":[],"aliases":["CVE-2015-3155"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xcu-6pfz-nue6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68400?format=json","vulnerability_id":"VCID-8aj8-6sm4-pyey","summary":"foreman: cross-site scripting (XSS) flaw in template preview screen","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3653","reference_id":"","reference_type":"","scores":[{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60276","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145398","reference_id":"1145398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145398"}],"fixed_packages":[],"aliases":["CVE-2014-3653"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8aj8-6sm4-pyey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67427?format=json","vulnerability_id":"VCID-8e3h-ykwp-s3ge","summary":"foreman: API not scoping resources to taxonomies","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1844","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49667","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1844"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207589","reference_id":"1207589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1207589"}],"fixed_packages":[],"aliases":["CVE-2015-1844"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8e3h-ykwp-s3ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3366?format=json","vulnerability_id":"VCID-b45h-wab3-1ya2","summary":"The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1592","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1592"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4347"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62923","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4347"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007758","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1007758"},{"reference_url":"https://github.com/joestump/python-oauth2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2"},{"reference_url":"https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml"},{"reference_url":"https://github.com/simplegeo/python-oauth2/issues/9","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/issues/9"},{"reference_url":"https://github.com/simplegeo/python-oauth2/pull/146","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplegeo/python-oauth2/pull/146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4347","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4347"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/09/12/7","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/09/12/7"},{"reference_url":"http://www.securityfocus.com/bid/62388","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/62388"},{"reference_url":"https://github.com/advisories/GHSA-rv8h-p43r-4x5r","reference_id":"GHSA-rv8h-p43r-4x5r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rv8h-p43r-4x5r"}],"fixed_packages":[],"aliases":["CVE-2013-4347","GHSA-rv8h-p43r-4x5r","PYSEC-2014-86"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b45h-wab3-1ya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65668?format=json","vulnerability_id":"VCID-bmnd-xped-sqdm","summary":"pulp: Node certificate containing private key stored in world-readable file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3107","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09327","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3107"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325930","reference_id":"1325930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325930"}],"fixed_packages":[],"aliases":["CVE-2016-3107"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmnd-xped-sqdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67597?format=json","vulnerability_id":"VCID-emtz-nz5a-qqf1","summary":"foreman: lack of SSL certificate validation when performing LDAPS authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1816","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44264","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1208602","reference_id":"1208602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1208602"}],"fixed_packages":[],"aliases":["CVE-2015-1816"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emtz-nz5a-qqf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65669?format=json","vulnerability_id":"VCID-tc6n-s9tk-mqas","summary":"pulp: Insecure temporary file used when generating certificate for Pulp Nodes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3108","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12852","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325934","reference_id":"1325934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1325934"}],"fixed_packages":[],"aliases":["CVE-2016-3108"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc6n-s9tk-mqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68497?format=json","vulnerability_id":"VCID-uv19-x8bb-4uaa","summary":"rhn_satellite_6: cross-site request forgery (CSRF) can force logout","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3590","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128108","reference_id":"1128108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128108"}],"fixed_packages":[],"aliases":["CVE-2014-3590"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uv19-x8bb-4uaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65520?format=json","vulnerability_id":"VCID-vmh1-u3ka-ufbf","summary":"foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3728","reference_id":"","reference_type":"","scores":[{"value":"0.02004","scoring_system":"epss","scoring_elements":"0.83967","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3728"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333378","reference_id":"1333378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333378"}],"fixed_packages":[],"aliases":["CVE-2016-3728"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmh1-u3ka-ufbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66961?format=json","vulnerability_id":"VCID-vryw-dve1-f7dz","summary":"Foreman: API permits HTTP requests when require_ssl is enabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5152","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52766","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5152"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243571","reference_id":"1243571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243571"}],"fixed_packages":[],"aliases":["CVE-2015-5152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vryw-dve1-f7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65673?format=json","vulnerability_id":"VCID-x4gx-zevk-gfbx","summary":"pulp: Race condition when generating RSA keys for authenticating messages between server and consumers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3111","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15203","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326251","reference_id":"1326251","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326251"}],"fixed_packages":[],"aliases":["CVE-2016-3111"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4gx-zevk-gfbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67093?format=json","vulnerability_id":"VCID-ypcp-uwrr-8ydf","summary":"foreman: edit_users permission allows changing of admin passwords","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3235","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68895","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3235"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232366","reference_id":"1232366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1232366"}],"fixed_packages":[],"aliases":["CVE-2015-3235"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypcp-uwrr-8ydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65671?format=json","vulnerability_id":"VCID-zv22-x4qm-m3ef","summary":"pulp: Agent certificate containing private key is stored in world-readable file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3112","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62249","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326242","reference_id":"1326242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326242"}],"fixed_packages":[],"aliases":["CVE-2016-3112"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv22-x4qm-m3ef"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/puppetlabs-stdlib@4.2.1-1.20140510git08b00d9%3Farch=el6_6sat"}