{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","type":"apk","namespace":"alpine","name":"opensc","version":"0.19.0-r0","qualifiers":{"arch":"x86","distroversion":"v3.16","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.20.0-r0","latest_non_vulnerable_version":"0.21.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96872?format=json","vulnerability_id":"VCID-6ewg-mbcj-bufw","summary":"Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16391.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16391","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32125","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32197","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32165","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32127","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32096","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32119","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16391","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16391"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1627998","reference_id":"1627998","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1627998"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16391"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ewg-mbcj-bufw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96876?format=json","vulnerability_id":"VCID-akqy-dq8k-6bbw","summary":"Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16419.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16419","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39078","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39048","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39021","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39033","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16419"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628013","reference_id":"1628013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628013"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16419"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akqy-dq8k-6bbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96878?format=json","vulnerability_id":"VCID-curn-m1g5-qbf7","summary":"Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16421.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16421","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39078","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39048","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39021","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39033","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16421"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628034","reference_id":"1628034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628034"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16421"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-curn-m1g5-qbf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96873?format=json","vulnerability_id":"VCID-d3j3-fuvu-rkb8","summary":"Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16392.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16392","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34394","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34491","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34508","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34472","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34429","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34449","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16392"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16392","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16392"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628002","reference_id":"1628002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16392"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3j3-fuvu-rkb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96882?format=json","vulnerability_id":"VCID-du88-kck1-n7ab","summary":"A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16425.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16425","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41186","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41263","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41266","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41205","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41216","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16425"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16425"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628023","reference_id":"1628023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628023"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16425"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-du88-kck1-n7ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96875?format=json","vulnerability_id":"VCID-dw55-499j-yub1","summary":"A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16418.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16418","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39078","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39048","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39021","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39033","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16418"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628010","reference_id":"1628010","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16418"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dw55-499j-yub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96880?format=json","vulnerability_id":"VCID-hf4y-ryss-63gp","summary":"A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16423.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16423","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41186","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41263","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41266","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41205","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41216","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628020","reference_id":"1628020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628020"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16423"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hf4y-ryss-63gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96881?format=json","vulnerability_id":"VCID-j553-49cp-sqea","summary":"A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16424.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16424","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41186","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41263","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41266","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41205","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41216","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16424"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628040","reference_id":"1628040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16424"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j553-49cp-sqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96883?format=json","vulnerability_id":"VCID-nabq-c1j7-xka4","summary":"Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16426.json","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16426.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16426","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42486","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42559","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.4257","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42543","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42508","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42517","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16426"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628044","reference_id":"1628044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628044"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16426"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nabq-c1j7-xka4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96879?format=json","vulnerability_id":"VCID-ncpj-rv8r-27h6","summary":"A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16422.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16422","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39078","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39048","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39021","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39033","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16422"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628016","reference_id":"1628016","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16422"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncpj-rv8r-27h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96884?format=json","vulnerability_id":"VCID-ng4z-u29b-2ye1","summary":"Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16427.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16427.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16427","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42486","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42559","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.4257","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42543","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42508","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42517","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16427"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628052","reference_id":"1628052","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628052"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16427"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ng4z-u29b-2ye1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96874?format=json","vulnerability_id":"VCID-sxq9-81w1-yqbu","summary":"Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16393.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16393.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16393","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34394","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34491","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34508","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34472","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34429","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34449","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16393"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16393","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16393"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628006","reference_id":"1628006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16393"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxq9-81w1-yqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96877?format=json","vulnerability_id":"VCID-tv1q-daj9-fqg5","summary":"Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16420.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16420.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16420","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39078","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39048","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39021","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39033","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16420"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628026","reference_id":"1628026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444","reference_id":"909444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2154","reference_id":"RHSA-2019:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/337044?format=json","purl":"pkg:apk/alpine/opensc@0.19.0-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}],"aliases":["CVE-2018-16420"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv1q-daj9-fqg5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/opensc@0.19.0-r0%3Farch=x86&distroversion=v3.16&reponame=community"}