Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/343088?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "erlang", "version": "1:27.3.4.12+dfsg-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61741?format=api", "vulnerability_id": "VCID-154j-a76j-zbfz", "summary": "erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000385.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83321", "scoring_system": "epss", "scoring_elements": "0.99287", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000385" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:C/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520400", "reference_id": "1520400", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0242", "reference_id": "RHSA-2018:0242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0303", "reference_id": "RHSA-2018:0303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0368", "reference_id": "RHSA-2018:0368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0528", "reference_id": "RHSA-2018:0528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0528" }, { "reference_url": "https://usn.ubuntu.com/3571-1/", "reference_id": "USN-3571-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3571-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343097?format=api", "purl": "pkg:deb/debian/erlang@1:20.1.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:20.1.7%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000385" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-154j-a76j-zbfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86870?format=api", "vulnerability_id": "VCID-1py9-5tap-d7fv", "summary": "Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two flaws that together allow a certificate with basicConstraints cA:false and no keyUsage extension to be used as an intermediate issuer in a chain passed to public_key:pkix_path_validation/3: the cA:false clause recurses into the remaining extensions without rejecting the certificate when it is in issuer position, and the keyUsage check only fires when the extension is present, so a certificate lacking keyUsage entirely bypasses the keyCertSign enforcement. Any party holding an end-entity certificate with basicConstraints cA:false and no keyUsage extension, issued by any CA in the victim's trust store, can use that certificate's private key to sign forged leaf certificates for arbitrary identities. public_key:pkix_path_validation/3 accepts the resulting chain, and by extension every TLS or mTLS endpoint built on the OTP ssl application that relies on the default verifier is affected, including server identity verification on the client side and client certificate verification on mTLS servers. This issue affects OTP from OTP 17.0 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 0.22 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08507", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/commit/471cd2f664300a95353c467873800bbe706005db", "reference_id": "471cd2f664300a95353c467873800bbe706005db", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/" } ], "url": "https://github.com/erlang/otp/commit/471cd2f664300a95353c467873800bbe706005db" }, { "reference_url": "https://github.com/erlang/otp/commit/59c8d824386b2eb1614ff9340624843ef6aca0fd", "reference_id": "59c8d824386b2eb1614ff9340624843ef6aca0fd", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/" } ], "url": "https://github.com/erlang/otp/commit/59c8d824386b2eb1614ff9340624843ef6aca0fd" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-42789.html", "reference_id": "CVE-2026-42789.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-42789.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-42789", "reference_id": "EEF-CVE-2026-42789", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-42789" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq", "reference_id": "GHSA-c99q-jmpx-v8qq", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:41:47Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42789" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1py9-5tap-d7fv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23629?format=api", "vulnerability_id": "VCID-3qbz-kpqk-27ce", "summary": "erlang: KEX init error results with excessive memory usage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35831", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30211" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101713", "reference_id": "1101713", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101713" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355785", "reference_id": "2355785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355785" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc", "reference_id": "GHSA-vvr3-fjhh-cfwc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:10:23Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc" }, { "reference_url": "https://usn.ubuntu.com/7425-1/", "reference_id": "USN-7425-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7425-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343104?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343103?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343108?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-30211" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qbz-kpqk-27ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6789?format=api", "vulnerability_id": "VCID-4ny1-ztaq-yudj", "summary": "erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14848", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28810" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455868", "reference_id": "2455868", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455868" }, { "reference_url": "https://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5", "reference_id": "36f23c9d2cc54afe83671dd7343596d7972839a5", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/" } ], "url": "https://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5" }, { "reference_url": "https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8", "reference_id": "b057a9d995017b1be50d6dc02edd52382f3231b8", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/" } ], "url": "https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-28810.html", "reference_id": "CVE-2026-28810.html", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-28810.html" }, { "reference_url": "https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fd", "reference_id": "dd15e8eb03548c5e55e9915f0e91389ec6bad9fd", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/" } ], "url": "https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fd" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-28810", "reference_id": "EEF-CVE-2026-28810", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-28810" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8", "reference_id": "GHSA-v884-5jg5-whj8", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343117?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-28810" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ny1-ztaq-yudj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6787?format=api", "vulnerability_id": "VCID-4qr6-9z6u-ekb3", "summary": "Erlang OTP: Erlang OTP public_key: OCSP authorization bypass and information disclosure due to missing signature verification", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32144.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12022", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455896", "reference_id": "2455896", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455896" }, { "reference_url": "https://github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0", "reference_id": "49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/" } ], "url": "https://github.com/erlang/otp/commit/49033a6d93a5be0ee0dce04e1fb8b4ae7de1e0c0" }, { "reference_url": "https://github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891", "reference_id": "ac7ff528be857c5d35eb29c7f24106e3a16d4891", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/" } ], "url": "https://github.com/erlang/otp/commit/ac7ff528be857c5d35eb29c7f24106e3a16d4891" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-32144.html", "reference_id": "CVE-2026-32144.html", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-32144.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-32144", "reference_id": "EEF-CVE-2026-32144", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-32144" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm", "reference_id": "GHSA-gxrm-pf64-99xm", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-gxrm-pf64-99xm" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T13:15:14Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343101?format=api", "purl": "pkg:deb/debian/erlang@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343117?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32144" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qr6-9z6u-ekb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86686?format=api", "vulnerability_id": "VCID-57pa-s4pz-ukbc", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11833", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23942" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912", "reference_id": "1130912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912" }, { "reference_url": "https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b", "reference_id": "27688a824f753d4c16371dc70e88753fb410590b", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/" } ], "url": "https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b" }, { "reference_url": "https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759", "reference_id": "5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/" } ], "url": "https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759" }, { "reference_url": "https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28", "reference_id": "9e0ac85d3485e7898e0da88a14be0ee2310a3b28", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/" } ], "url": "https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-23942.html", "reference_id": "CVE-2026-23942.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-23942.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-23942", "reference_id": "EEF-CVE-2026-23942", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-23942" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h", "reference_id": "GHSA-4749-w85x-hw9h", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343114?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343116?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-23942" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57pa-s4pz-ukbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63969?format=api", "vulnerability_id": "VCID-5vxe-1smj-fyck", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61328", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46712" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46712" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104963", "reference_id": "1104963", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104963" }, { "reference_url": "https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83", "reference_id": "e4b56a9f4a511aa9990dd86c16c61439c828df83", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/" } ], "url": "https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf", "reference_id": "GHSA-934x-xq38-hhqf", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf" }, { "reference_url": "https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21", "reference_id": "OTP-25.3.2.21", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/" } ], "url": "https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21" }, { "reference_url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12", "reference_id": "OTP-26.2.5.12", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/" } ], "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12" }, { "reference_url": "https://github.com/erlang/otp/releases/tag/OTP-27.3.4", "reference_id": "OTP-27.3.4", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/" } ], "url": "https://github.com/erlang/otp/releases/tag/OTP-27.3.4" }, { "reference_url": "https://usn.ubuntu.com/7656-1/", "reference_id": "USN-7656-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7656-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343110?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343111?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-46712" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vxe-1smj-fyck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18259?format=api", "vulnerability_id": "VCID-64dr-ju62-67hf", "summary": "erlang: Erlang Excessive Use of System Resources", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48038", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43755", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48038" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/pull/10156", "reference_id": "10156", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/" } ], "url": "https://github.com/erlang/otp/pull/10156" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093", "reference_id": "1115093", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394522", "reference_id": "2394522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394522" }, { "reference_url": "https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a", "reference_id": "4e3bf86777ab3db7220c11d8ddabf15970ddd10a", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/" } ], "url": "https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2025-48038.html", "reference_id": "CVE-2025-48038.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2025-48038.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2025-48038", "reference_id": "EEF-CVE-2025-48038", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48038" }, { "reference_url": "https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f", "reference_id": "f09e0201ff701993dc24a08f15e524daf72db42f", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/" } ], "url": "https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r", "reference_id": "GHSA-pvj7-9652-7h9r", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r" }, { "reference_url": "https://usn.ubuntu.com/7831-1/", "reference_id": "USN-7831-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7831-1/" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343112?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343095?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343094?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48038" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64dr-ju62-67hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46110?format=api", "vulnerability_id": "VCID-67vj-n9pk-cyh3", "summary": "erlang: accepts and trusts an invalid X.509 certificate chain", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38166", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35733" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918203", "reference_id": "1918203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918203" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980199", "reference_id": "980199", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980199" }, { "reference_url": "https://security.archlinux.org/ASA-202101-39", "reference_id": "ASA-202101-39", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-39" }, { "reference_url": "https://security.archlinux.org/AVG-1457", "reference_id": "AVG-1457", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1457" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343100?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35733" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-67vj-n9pk-cyh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86687?format=api", "vulnerability_id": "VCID-6efn-es4z-4udt", "summary": "Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected: * zlib: Activates immediately after key exchange, enabling unauthenticated attacks * zlib@openssh.com: Activates post-authentication, enabling authenticated attacks Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments. This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4. This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20413", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23943" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/commit/0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4", "reference_id": "0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/" } ], "url": "https://github.com/erlang/otp/commit/0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912", "reference_id": "1130912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912" }, { "reference_url": "https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1", "reference_id": "43a87b949bdff12d629a8c34146711d9da93b1b1", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/" } ], "url": "https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1" }, { "reference_url": "https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3", "reference_id": "93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/" } ], "url": "https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-23943.html", "reference_id": "CVE-2026-23943.html", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-23943.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-23943", "reference_id": "EEF-CVE-2026-23943", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-23943" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r", "reference_id": "GHSA-c836-qprm-jw9r", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343114?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343116?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-23943" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6efn-es4z-4udt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81799?format=api", "vulnerability_id": "VCID-6pzt-ec8d-t7h5", "summary": "Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69439", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738132", "reference_id": "738132", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738132" }, { "reference_url": "https://usn.ubuntu.com/3571-1/", "reference_id": "USN-3571-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3571-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343091?format=api", "purl": "pkg:deb/debian/erlang@1:16.b.3.1-dfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:16.b.3.1-dfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-1693" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pzt-ec8d-t7h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81113?format=api", "vulnerability_id": "VCID-7xus-u1y7-3uap", "summary": "The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03371", "scoring_system": "epss", "scoring_elements": "0.87568", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0766" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0766" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628456", "reference_id": "628456", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343085?format=api", "purl": "pkg:deb/debian/erlang@1:14.b.3-dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:14.b.3-dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0766" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xus-u1y7-3uap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87872?format=api", "vulnerability_id": "VCID-7xvh-aqcu-uyb4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18653", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42791" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/commit/7995f1fdaee3da569bb810358ce0f546471d169b", "reference_id": "7995f1fdaee3da569bb810358ce0f546471d169b", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:40:27Z/" } ], "url": "https://github.com/erlang/otp/commit/7995f1fdaee3da569bb810358ce0f546471d169b" }, { "reference_url": "https://github.com/erlang/otp/commit/b3870e02405c709a872b01ba6086065620cdfe76", "reference_id": "b3870e02405c709a872b01ba6086065620cdfe76", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:40:27Z/" } ], "url": "https://github.com/erlang/otp/commit/b3870e02405c709a872b01ba6086065620cdfe76" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-42791.html", "reference_id": "CVE-2026-42791.html", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:40:27Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-42791.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-42791", "reference_id": "EEF-CVE-2026-42791", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:40:27Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-42791" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff", "reference_id": "GHSA-cjxj-wj6x-3fff", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:40:27Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:40:27Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343101?format=api", "purl": "pkg:deb/debian/erlang@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42791" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xvh-aqcu-uyb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86871?format=api", "vulnerability_id": "VCID-8a5v-tu8j-7kfe", "summary": "Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com) First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08507", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759", "reference_id": "0769050c69d73762672b0db1347b6993a5b31759", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/" } ], "url": "https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759" }, { "reference_url": "https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a", "reference_id": "21abed64eb2026b5f82f432709e4e932f9be389a", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/" } ], "url": "https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-42790.html", "reference_id": "CVE-2026-42790.html", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-42790.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-42790", "reference_id": "EEF-CVE-2026-42790", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-42790" }, { "reference_url": "https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457", "reference_id": "fb67c6d1836f51105a96d8b769e71e4215a79457", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/" } ], "url": "https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447", "reference_id": "GHSA-22cw-4ph4-6447", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T17:31:50Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-42790" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8a5v-tu8j-7kfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18256?format=api", "vulnerability_id": "VCID-8n22-d5uj-wkdm", "summary": "erlang: Erlang Exhaustion of File Handles", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43755", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48041" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/pull/10157", "reference_id": "10157", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/" } ], "url": "https://github.com/erlang/otp/pull/10157" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090", "reference_id": "1115090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394520", "reference_id": "2394520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394520" }, { "reference_url": "https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288", "reference_id": "5f9af63eec4657a37663828d206517828cb9f288", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/" } ], "url": "https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2025-48041.html", "reference_id": "CVE-2025-48041.html", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2025-48041.html" }, { "reference_url": "https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401", "reference_id": "d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/" } ], "url": "https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2025-48041", "reference_id": "EEF-CVE-2025-48041", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48041" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3", "reference_id": "GHSA-79c4-cvv7-4qm3", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3" }, { "reference_url": "https://usn.ubuntu.com/7831-1/", "reference_id": "USN-7831-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7831-1/" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343112?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343095?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343094?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48041" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n22-d5uj-wkdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41193?format=api", "vulnerability_id": "VCID-a6m2-yp7x-mbfs", "summary": "erlang/otp: Client Authentication Bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37026.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37026.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40266", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37026" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024632", "reference_id": "1024632", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024632" }, { "reference_url": "https://erlangforums.com/t/otp-25-1-released/1854", "reference_id": "1854", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:29:58Z/" } ], "url": "https://erlangforums.com/t/otp-25-1-released/1854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141802", "reference_id": "2141802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141802" }, { "reference_url": "https://erlangforums.com/c/erlang-news-announcements/91", "reference_id": "91", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:29:58Z/" } ], "url": "https://erlangforums.com/c/erlang-news-announcements/91" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00012.html", "reference_id": "msg00012.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:29:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00012.html" }, { "reference_url": "https://github.com/erlang/otp/compare/OTP-23.3.4.14...OTP-23.3.4.15", "reference_id": "OTP-23.3.4.14...OTP-23.3.4.15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:29:58Z/" } ], "url": "https://github.com/erlang/otp/compare/OTP-23.3.4.14...OTP-23.3.4.15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8857", "reference_id": "RHSA-2022:8857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8857" }, { "reference_url": "https://usn.ubuntu.com/6059-1/", "reference_id": "USN-6059-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6059-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343102?format=api", "purl": "pkg:deb/debian/erlang@1:24.3.4.5%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:24.3.4.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-37026" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6m2-yp7x-mbfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70343?format=api", "vulnerability_id": "VCID-bhqe-322z-xqhq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59722", "scoring_system": "epss", "scoring_elements": "0.98287", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32433" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32433", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32433" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12", "reference_id": "0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/" } ], "url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103442", "reference_id": "1103442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103442" }, { "reference_url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f", "reference_id": "6eef04130afc8b0ccb63c9a0d8650209cf54892f", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/" } ], "url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f" }, { "reference_url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891", "reference_id": "b1924d37fd83c070055beb115d5d6a6a9490b891", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/" } ], "url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2", "reference_id": "GHSA-37cp-fgq5-7wc2", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2" }, { "reference_url": "https://usn.ubuntu.com/7443-1/", "reference_id": "USN-7443-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7443-1/" }, { "reference_url": "https://usn.ubuntu.com/7443-2/", "reference_id": "USN-7443-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7443-2/" }, { "reference_url": "https://usn.ubuntu.com/7443-3/", "reference_id": "USN-7443-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7443-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343104?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343103?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343109?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-32433" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhqe-322z-xqhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46829?format=api", "vulnerability_id": "VCID-bkyt-f23n-ukfu", "summary": "Erlang/OTP: allows attackers to read arbitrary files via a crafted HTTP request", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76477", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25623" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885311", "reference_id": "1885311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885311" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343099?format=api", "purl": "pkg:deb/debian/erlang@1:23.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25623" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkyt-f23n-ukfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18257?format=api", "vulnerability_id": "VCID-d2mt-nbtf-b3fy", "summary": "erlang: Erlang Excessive Resource Consumption", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.43946", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48040" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/pull/10162", "reference_id": "10162", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/" } ], "url": "https://github.com/erlang/otp/pull/10162" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091", "reference_id": "1115091", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394521", "reference_id": "2394521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394521" }, { "reference_url": "https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a", "reference_id": "548f1295d86d0803da884db8685cc16d461d0d5a", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/" } ], "url": "https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a" }, { "reference_url": "https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a", "reference_id": "7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/" } ], "url": "https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2025-48040.html", "reference_id": "CVE-2025-48040.html", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2025-48040.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2025-48040", "reference_id": "EEF-CVE-2025-48040", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48040" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph", "reference_id": "GHSA-h7rg-6rjg-4cph", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph" }, { "reference_url": "https://usn.ubuntu.com/7831-1/", "reference_id": "USN-7831-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7831-1/" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343095?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343094?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48040" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2mt-nbtf-b3fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51124?format=api", "vulnerability_id": "VCID-h7x2-fxke-tkdp", "summary": "erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1000107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60933", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1000107" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000107", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000107" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086", "reference_id": "1115086", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824460", "reference_id": "1824460", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343095?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343094?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1000107" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h7x2-fxke-tkdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65229?format=api", "vulnerability_id": "VCID-he8m-w61m-b7c4", "summary": "erlang: Heap-buffer overflow via regular expressions", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10253.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10253.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50909", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10253" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10253", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10253" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433985", "reference_id": "1433985", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433985" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858313", "reference_id": "858313", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858313" }, { "reference_url": "https://usn.ubuntu.com/3571-1/", "reference_id": "USN-3571-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3571-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343096?format=api", "purl": "pkg:deb/debian/erlang@1:19.2.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:19.2.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10253" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-he8m-w61m-b7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82016?format=api", "vulnerability_id": "VCID-k8x8-z9nh-gug2", "summary": "Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.6749", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2774" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781839", "reference_id": "781839", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781839" }, { "reference_url": "https://usn.ubuntu.com/3571-1/", "reference_id": "USN-3571-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3571-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343093?format=api", "purl": "pkg:deb/debian/erlang@1:17.3-dfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:17.3-dfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-2774" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8x8-z9nh-gug2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83649?format=api", "vulnerability_id": "VCID-mfnh-3d2j-9qfm", "summary": "yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09897", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12872" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343098?format=api", "purl": "pkg:deb/debian/erlang@1:21.2.6%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:21.2.6%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-12872" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfnh-3d2j-9qfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74348?format=api", "vulnerability_id": "VCID-nr5s-ac3b-xfeb", "summary": "arbitrary file overwrite", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4748", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59368", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4748" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107939", "reference_id": "1107939", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107939" }, { "reference_url": "https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5", "reference_id": "578d4001575aa7647ea1efd4b2b7e3afadcc99a5", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/" } ], "url": "https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5" }, { "reference_url": "https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f", "reference_id": "5a55feec10c9b69189d56723d8f237afa58d5d4f", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/" } ], "url": "https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f" }, { "reference_url": "https://github.com/erlang/otp/pull/9941", "reference_id": "9941", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/" } ], "url": "https://github.com/erlang/otp/pull/9941" }, { "reference_url": "https://security.archlinux.org/AVG-2900", "reference_id": "AVG-2900", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2900" }, { "reference_url": "https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f", "reference_id": "ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/" } ], "url": "https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2025-4748.html", "reference_id": "CVE-2025-4748.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2025-4748.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2025-4748", "reference_id": "EEF-CVE-2025-4748", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2025-4748" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc", "reference_id": "GHSA-9g37-pgj9-wrhc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc" }, { "reference_url": "https://usn.ubuntu.com/7656-1/", "reference_id": "USN-7656-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7656-1/" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343112?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343110?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343113?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4748" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nr5s-ac3b-xfeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86685?format=api", "vulnerability_id": "VCID-nwj4-gjte-qyhd", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09966", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23941" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912", "reference_id": "1130912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912" }, { "reference_url": "https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18", "reference_id": "a4b46336fd25aa100ac602eb9a627aaead7eda18", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/" } ], "url": "https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18" }, { "reference_url": "https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b", "reference_id": "a761d391d8d08316cbd7d4a86733ba932b73c45b", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/" } ], "url": "https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-23941.html", "reference_id": "CVE-2026-23941.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-23941.html" }, { "reference_url": "https://github.com/erlang/otp/commit/e775a332f623851385ab6ddb866d9b150612ddf6", "reference_id": "e775a332f623851385ab6ddb866d9b150612ddf6", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/" } ], "url": "https://github.com/erlang/otp/commit/e775a332f623851385ab6ddb866d9b150612ddf6" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-23941", "reference_id": "EEF-CVE-2026-23941", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-23941" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7", "reference_id": "GHSA-w4jc-9wpv-pqh7", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343114?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343116?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-23941" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwj4-gjte-qyhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89943?format=api", "vulnerability_id": "VCID-py26-h7q6-6yd1", "summary": "A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with \"erlsrv.exe\" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11939", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29221" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343101?format=api", "purl": "pkg:deb/debian/erlang@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29221" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-py26-h7q6-6yd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86740?format=api", "vulnerability_id": "VCID-qqzg-7f84-4fhz", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in file handles instead of the chroot-resolved path. When SSH_FXP_FSETSTAT is issued on such a handle, file attributes (permissions, ownership, timestamps) are modified on the real filesystem path, bypassing the root directory boundary entirely. Any authenticated SFTP user on a server configured with the root option can modify file attributes of files outside the intended chroot boundary. The prerequisite is that a target file must exist on the real filesystem at the same relative path. Note that this vulnerability only allows modification of file attributes; file contents cannot be read or altered through this attack vector. If the SSH daemon runs as root, this enables direct privilege escalation: an attacker can set the setuid bit on any binary, change ownership of sensitive files, or make system configuration world-writable. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:do_open/4 and ssh_sftpd:handle_op/4. This issue affects OTP from OTP 17.0 until OTP 28.4.3, 27.3.4.11, and 26.2.5.20 corresponding to ssh from 3.01 until 5.5.3, 5.2.11.7, and 5.1.4.15.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.05173", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32147" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004", "reference_id": "28c5d5a6c5f873dc701b597276271763e7d1c004", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/" } ], "url": "https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-32147.html", "reference_id": "CVE-2026-32147.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-32147.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-32147", "reference_id": "EEF-CVE-2026-32147", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-32147" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5", "reference_id": "GHSA-28jg-mw9x-hpm5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343118?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-32147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqzg-7f84-4fhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27349?format=api", "vulnerability_id": "VCID-r7kk-7uc2-zyab", "summary": "erlang: ssl fails to validate incorrect extened key usage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53846.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53846.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18039", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53846" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330624", "reference_id": "2330624", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330624" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v", "reference_id": "GHSA-qw6r-qh9v-638v", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:04:29Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-qw6r-qh9v-638v" }, { "reference_url": "https://usn.ubuntu.com/7961-1/", "reference_id": "USN-7961-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7961-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343101?format=api", "purl": "pkg:deb/debian/erlang@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343106?format=api", "purl": "pkg:deb/debian/erlang@1:27.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-53846" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7kk-7uc2-zyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36114?format=api", "vulnerability_id": "VCID-t139-hf7z-sfbc", "summary": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54214", "scoring_system": "epss", "scoring_elements": "0.98062", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48795" }, { "reference_url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack" }, { "reference_url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "reference_url": "https://bugs.gentoo.org/920280", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugs.gentoo.org/920280" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html" }, { "reference_url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html" }, { "reference_url": "https://crates.io/crates/thrussh/versions", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://crates.io/crates/thrussh/versions" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Mar/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "reference_url": "https://filezilla-project.org/versions.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://filezilla-project.org/versions.php" }, { "reference_url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-45x7-px36-x8w8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "reference_url": "https://github.com/apache/mina-sshd/issues/445", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/apache/mina-sshd/issues/445" }, { "reference_url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "reference_url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "reference_url": "https://github.com/cyd01/KiTTY/issues/520", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "reference_url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "reference_url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "reference_url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "reference_url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "reference_url": "https://github.com/hierynomus/sshj/issues/916", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/hierynomus/sshj/issues/916" }, { "reference_url": "https://github.com/janmojzis/tinyssh/issues/81", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "reference_url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "reference_url": "https://github.com/libssh2/libssh2/pull/1291", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "reference_url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "reference_url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "reference_url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "reference_url": "https://github.com/mwiede/jsch/issues/457", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/issues/457" }, { "reference_url": "https://github.com/mwiede/jsch/pull/461", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/mwiede/jsch/pull/461" }, { "reference_url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "reference_url": "https://github.com/NixOS/nixpkgs/pull/275249", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "reference_url": "https://github.com/openssh/openssh-portable/commits/master", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/2337", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "reference_url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773" }, { "reference_url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "reference_url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "reference_url": "https://github.com/proftpd/proftpd/issues/456", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/proftpd/proftpd/issues/456" }, { "reference_url": "https://github.com/rapier1/hpn-ssh/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "reference_url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "reference_url": "https://github.com/ronf/asyncssh/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ronf/asyncssh/tags" }, { "reference_url": "https://github.com/ssh-mitm/ssh-mitm/issues/165", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "reference_url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "reference_url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "reference_url": "https://github.com/warp-tech/russh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh" }, { "reference_url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951" }, { "reference_url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "reference_url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8" }, { "reference_url": "https://gitlab.com/libssh/libssh-mirror/-/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "reference_url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "reference_url": "https://go.dev/cl/550715", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/cl/550715" }, { "reference_url": "https://go.dev/issue/64784", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/issue/64784" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "reference_url": "https://help.panic.com/releasenotes/transmit5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://help.panic.com/releasenotes/transmit5" }, { "reference_url": "https://help.panic.com/releasenotes/transmit5/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://help.panic.com/releasenotes/transmit5/" }, { "reference_url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795" }, { "reference_url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB" }, { "reference_url": "https://matt.ucc.asn.au/dropbear/CHANGES", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "reference_url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "reference_url": "https://news.ycombinator.com/item?id=38684904", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38684904" }, { "reference_url": "https://news.ycombinator.com/item?id=38685286", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38685286" }, { "reference_url": "https://news.ycombinator.com/item?id=38732005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://news.ycombinator.com/item?id=38732005" }, { "reference_url": "https://nova.app/releases/#v11.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://nova.app/releases/#v11.8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "reference_url": "https://oryx-embedded.com/download/#changelog", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://oryx-embedded.com/download/#changelog" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "reference_url": "https://roumenpetrov.info/secsh/#news20231220", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "reference_url": "https://security.gentoo.org/glsa/202312-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.gentoo.org/glsa/202312-16" }, { "reference_url": "https://security.gentoo.org/glsa/202312-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/libssh2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "reference_url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "reference_url": "https://support.apple.com/kb/HT214084", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://support.apple.com/kb/HT214084" }, { "reference_url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway" }, { "reference_url": "https://twitter.com/TrueSkrillor/status/1736774389725565005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "reference_url": "https://ubuntu.com/security/CVE-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "reference_url": "https://winscp.net/eng/docs/history#6.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "reference_url": "https://www.bitvise.com/ssh-client-version-history#933", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "reference_url": "https://www.bitvise.com/ssh-server-version-history", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.bitvise.com/ssh-server-version-history" }, { "reference_url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "reference_url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5586", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5588", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5588" }, { "reference_url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "reference_url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "reference_url": "https://www.netsarang.com/en/xshell-update-history", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.netsarang.com/en/xshell-update-history" }, { "reference_url": "https://www.netsarang.com/en/xshell-update-history/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.netsarang.com/en/xshell-update-history/" }, { "reference_url": "https://www.openssh.com/openbsd.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openssh.com/openbsd.html" }, { "reference_url": "https://www.openssh.com/txt/release-9.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openssh.com/txt/release-9.6" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/18/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "reference_url": "https://www.paramiko.org/changelog.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.paramiko.org/changelog.html" }, { "reference_url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed" }, { "reference_url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "reference_url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795" }, { "reference_url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "reference_url": "https://www.terrapin-attack.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.terrapin-attack.com" }, { "reference_url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "reference_url": "https://www.vandyke.com/products/securecrt/history.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/18/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/19/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/20/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/17/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001", "reference_id": "1059001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002", "reference_id": "1059002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003", "reference_id": "1059003", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004", "reference_id": "1059004", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005", "reference_id": "1059005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006", "reference_id": "1059006", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007", "reference_id": "1059007", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058", "reference_id": "1059058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144", "reference_id": "1059144", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290", "reference_id": "1059290", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294", "reference_id": "1059294", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "reference_id": "2254210", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "reference_id": "33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "reference_id": "3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "reference_id": "3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "reference_id": "6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "reference_id": "BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "reference_id": "C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "reference_id": "CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "reference_url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "reference_id": "CVE-2023-48795-AND-SFTP-GATEWAY", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "reference_url": "https://security.gentoo.org/glsa/202407-11", "reference_id": "GLSA-202407-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-11" }, { "reference_url": "https://security.gentoo.org/glsa/202407-12", "reference_id": "GLSA-202407-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-12" }, { "reference_url": "https://security.gentoo.org/glsa/202509-06", "reference_id": "GLSA-202509-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-06" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "reference_id": "HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "reference_id": "I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "reference_id": "KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "reference_id": "L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "reference_id": "LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240105-0004/", "reference_id": "ntap-20240105-0004", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7197", "reference_id": "RHSA-2023:7197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7198", "reference_id": "RHSA-2023:7198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7201", "reference_id": "RHSA-2023:7201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0040", "reference_id": "RHSA-2024:0040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0429", "reference_id": "RHSA-2024:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0455", "reference_id": "RHSA-2024:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0499", "reference_id": "RHSA-2024:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0538", "reference_id": "RHSA-2024:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0594", "reference_id": "RHSA-2024:0594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0606", "reference_id": "RHSA-2024:0606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0625", "reference_id": "RHSA-2024:0625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0628", "reference_id": "RHSA-2024:0628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0766", "reference_id": "RHSA-2024:0766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0789", "reference_id": "RHSA-2024:0789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0843", "reference_id": "RHSA-2024:0843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0880", "reference_id": "RHSA-2024:0880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0954", "reference_id": "RHSA-2024:0954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1130", "reference_id": "RHSA-2024:1130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1150", "reference_id": "RHSA-2024:1150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1192", "reference_id": "RHSA-2024:1192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1193", "reference_id": "RHSA-2024:1193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1196", "reference_id": "RHSA-2024:1196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1197", "reference_id": "RHSA-2024:1197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1210", "reference_id": "RHSA-2024:1210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1557", "reference_id": "RHSA-2024:1557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1859", "reference_id": "RHSA-2024:1859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2728", "reference_id": "RHSA-2024:2728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2735", "reference_id": "RHSA-2024:2735", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2768", "reference_id": "RHSA-2024:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2988", "reference_id": "RHSA-2024:2988", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2988" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3479", "reference_id": "RHSA-2024:3479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3634", "reference_id": "RHSA-2024:3634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3635", "reference_id": "RHSA-2024:3635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3636", "reference_id": "RHSA-2024:3636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3918", "reference_id": "RHSA-2024:3918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4010", "reference_id": "RHSA-2024:4010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4151", "reference_id": "RHSA-2024:4151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4329", "reference_id": "RHSA-2024:4329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4479", "reference_id": "RHSA-2024:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4484", "reference_id": "RHSA-2024:4484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4597", "reference_id": "RHSA-2024:4597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4662", "reference_id": "RHSA-2024:4662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4955", "reference_id": "RHSA-2024:4955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4959", "reference_id": "RHSA-2024:4959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5200", "reference_id": "RHSA-2024:5200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5432", "reference_id": "RHSA-2024:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5433", "reference_id": "RHSA-2024:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5438", "reference_id": "RHSA-2024:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8235", "reference_id": "RHSA-2024:8235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4664", "reference_id": "RHSA-2025:4664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4664" }, { "reference_url": "https://usn.ubuntu.com/6560-1/", "reference_id": "USN-6560-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-1/" }, { "reference_url": "https://usn.ubuntu.com/6560-2/", "reference_id": "USN-6560-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6560-2/" }, { "reference_url": "https://usn.ubuntu.com/6561-1/", "reference_id": "USN-6561-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6561-1/" }, { "reference_url": "https://usn.ubuntu.com/6585-1/", "reference_id": "USN-6585-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6585-1/" }, { "reference_url": "https://usn.ubuntu.com/6589-1/", "reference_id": "USN-6589-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6589-1/" }, { "reference_url": "https://usn.ubuntu.com/6598-1/", "reference_id": "USN-6598-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6598-1/" }, { "reference_url": "https://usn.ubuntu.com/6738-1/", "reference_id": "USN-6738-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6738-1/" }, { "reference_url": "https://usn.ubuntu.com/7051-1/", "reference_id": "USN-7051-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7051-1/" }, { "reference_url": "https://usn.ubuntu.com/7292-1/", "reference_id": "USN-7292-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7292-1/" }, { "reference_url": "https://usn.ubuntu.com/7297-1/", "reference_id": "USN-7297-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7297-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343104?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343103?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343105?format=api", "purl": "pkg:deb/debian/erlang@1:25.3.2.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.3.2.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-48795", "GHSA-45x7-px36-x8w8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t139-hf7z-sfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25711?format=api", "vulnerability_id": "VCID-t88b-xjzm-43a7", "summary": "otp: erlang: SSH SFTP packet size not verified properly in Erlang OTP", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57136", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872", "reference_id": "0ed2573cbd55c92e9125c9dc70fa1ca7fed82872", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T20:55:12Z/" } ], "url": "https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346900", "reference_id": "2346900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346900" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr", "reference_id": "GHSA-78cv-45vx-q6fr", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T20:55:12Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr" }, { "reference_url": "https://usn.ubuntu.com/7313-1/", "reference_id": "USN-7313-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7313-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343104?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343103?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343107?format=api", "purl": "pkg:deb/debian/erlang@1:27.2.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.2.4%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26618" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t88b-xjzm-43a7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9591?format=api", "vulnerability_id": "VCID-vqax-fdy8-gkcv", "summary": "erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21620.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1216", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/pull/10706", "reference_id": "10706", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/" } ], "url": "https://github.com/erlang/otp/pull/10706" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128651", "reference_id": "1128651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128651" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441326", "reference_id": "2441326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441326" }, { "reference_url": "https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e", "reference_id": "3970738f687325138eb75f798054fa8960ac354e", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/" } ], "url": "https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e" }, { "reference_url": "https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344", "reference_id": "655fb95725ba2fb811740b57e106873833824344", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/" } ], "url": "https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344" }, { "reference_url": "https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a", "reference_id": "696fdec922661d4a3cc528fc34bc24fae8d4ad8a", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/" } ], "url": "https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-21620.html", "reference_id": "CVE-2026-21620.html", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-21620.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-21620", "reference_id": "EEF-CVE-2026-21620", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-21620" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp", "reference_id": "GHSA-hmrc-prh3-rpvp", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343114?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343115?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.8%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-21620" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqax-fdy8-gkcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18258?format=api", "vulnerability_id": "VCID-w7tu-du5n-zuee", "summary": "erlang: Erlang Excessive Use of System Resources", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43755", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48039" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0", "reference_id": "043ee3c943e2977c1acdd740ad13992fd60b6bf0", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/" } ], "url": "https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0" }, { "reference_url": "https://github.com/erlang/otp/pull/10155", "reference_id": "10155", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/" } ], "url": "https://github.com/erlang/otp/pull/10155" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092", "reference_id": "1115092", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394523", "reference_id": "2394523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394523" }, { "reference_url": "https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac", "reference_id": "c242e6458967e9514bea351814151695807a54ac", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/" } ], "url": "https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2025-48039.html", "reference_id": "CVE-2025-48039.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2025-48039.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2025-48039", "reference_id": "EEF-CVE-2025-48039", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2025-48039" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8", "reference_id": "GHSA-rr5p-6856-j7h8", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8" }, { "reference_url": "https://usn.ubuntu.com/7831-1/", "reference_id": "USN-7831-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7831-1/" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343112?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343095?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343094?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-48039" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7tu-du5n-zuee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6786?format=api", "vulnerability_id": "VCID-ws6x-zs8f-b3d5", "summary": "erlang/otp: inets: Erlang OTP inets modules: Unauthenticated access to protected CGI scripts via incorrect authorization", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28808", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11236", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28808" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455909", "reference_id": "2455909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455909" }, { "reference_url": "https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688", "reference_id": "8fc71ac6af4fbcc54103bec2983ef22e82942688", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/" } ], "url": "https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688" }, { "reference_url": "https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c", "reference_id": "9dfa0c51eac97866078e808dec2183cb7871ff7c", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/" } ], "url": "https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cna.erlef.org/cves/CVE-2026-28808.html", "reference_id": "CVE-2026-28808.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/" } ], "url": "https://cna.erlef.org/cves/CVE-2026-28808.html" }, { "reference_url": "https://osv.dev/vulnerability/EEF-CVE-2026-28808", "reference_id": "EEF-CVE-2026-28808", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/" } ], "url": "https://osv.dev/vulnerability/EEF-CVE-2026-28808" }, { "reference_url": "https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f", "reference_id": "GHSA-3vhp-h532-mc3f", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/" } ], "url": "https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f" }, { "reference_url": "https://www.erlang.org/doc/system/versions.html#order-of-versions", "reference_id": "versions.html#order-of-versions", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/" } ], "url": "https://www.erlang.org/doc/system/versions.html#order-of-versions" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343117?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-28808" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ws6x-zs8f-b3d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71633?format=api", "vulnerability_id": "VCID-x6pd-2arc-gqdq", "summary": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03832", "scoring_system": "epss", "scoring_elements": "0.88348", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3389" }, { "reference_url": "https://curl.se/docs/CVE-2011-3389.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2011-3389.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506", "reference_id": "737506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "reference_url": "https://security.gentoo.org/glsa/201111-02", "reference_id": "GLSA-201111-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-02" }, { "reference_url": "https://security.gentoo.org/glsa/201203-02", "reference_id": "GLSA-201203-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-02" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1380", "reference_id": "RHSA-2011:1380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1384", "reference_id": "RHSA-2011:1384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0006", "reference_id": "RHSA-2012:0006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0034", "reference_id": "RHSA-2012:0034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0343", "reference_id": "RHSA-2012:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0508", "reference_id": "RHSA-2012:0508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1455", "reference_id": "RHSA-2013:1455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1455" }, { "reference_url": "https://usn.ubuntu.com/1263-1/", "reference_id": "USN-1263-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1263-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343090?format=api", "purl": "pkg:deb/debian/erlang@1:15.b-dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:15.b-dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-3389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6pd-2arc-gqdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68314?format=api", "vulnerability_id": "VCID-xet9-63wg-3fgw", "summary": "SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3566.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3566.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93538", "scoring_system": "epss", "scoring_elements": "0.99837", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", "reference_id": "0101.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "reference_url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7", "reference_id": "1015-security-advisory-7", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7" }, { "reference_url": "http://www.securitytracker.com/id/1031029", "reference_id": "1031029", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031029" }, { "reference_url": "http://www.securitytracker.com/id/1031039", "reference_id": "1031039", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031039" }, { "reference_url": "http://www.securitytracker.com/id/1031085", "reference_id": "1031085", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031085" }, { "reference_url": "http://www.securitytracker.com/id/1031086", "reference_id": "1031086", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031086" }, { "reference_url": "http://www.securitytracker.com/id/1031087", "reference_id": "1031087", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031087" }, { "reference_url": "http://www.securitytracker.com/id/1031088", "reference_id": "1031088", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031088" }, { "reference_url": "http://www.securitytracker.com/id/1031089", "reference_id": "1031089", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031089" }, { "reference_url": "http://www.securitytracker.com/id/1031090", "reference_id": "1031090", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031090" }, { "reference_url": "http://www.securitytracker.com/id/1031091", "reference_id": "1031091", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031091" }, { "reference_url": "http://www.securitytracker.com/id/1031092", "reference_id": "1031092", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031092" }, { "reference_url": "http://www.securitytracker.com/id/1031093", "reference_id": "1031093", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031093" }, { "reference_url": "http://www.securitytracker.com/id/1031094", "reference_id": "1031094", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031094" }, { "reference_url": "http://www.securitytracker.com/id/1031095", "reference_id": "1031095", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031095" }, { "reference_url": "http://www.securitytracker.com/id/1031096", "reference_id": "1031096", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031096" }, { "reference_url": "http://www.securitytracker.com/id/1031105", "reference_id": "1031105", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031105" }, { "reference_url": "http://www.securitytracker.com/id/1031106", "reference_id": "1031106", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031106" }, { "reference_url": "http://www.securitytracker.com/id/1031107", "reference_id": "1031107", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031107" }, { "reference_url": "http://www.securitytracker.com/id/1031120", "reference_id": "1031120", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031120" }, { "reference_url": "http://www.securitytracker.com/id/1031123", "reference_id": "1031123", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031123" }, { "reference_url": "http://www.securitytracker.com/id/1031124", "reference_id": "1031124", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031124" }, { "reference_url": "http://www.securitytracker.com/id/1031130", "reference_id": "1031130", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031130" }, { "reference_url": "http://www.securitytracker.com/id/1031131", "reference_id": "1031131", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031131" }, { "reference_url": "http://www.securitytracker.com/id/1031132", "reference_id": "1031132", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securitytracker.com/id/1031132" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789", "reference_id": "1152789", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" }, { "reference_url": "https://access.redhat.com/articles/1232123", "reference_id": "1232123", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://access.redhat.com/articles/1232123" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html", "reference_id": "141114.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html", "reference_id": "141158.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html", "reference_id": "142330.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html", "reference_id": "169361.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html", "reference_id": "169374.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html" }, { "reference_url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html", "reference_id": "2014-10-14-how-poodle-happened.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html" }, { "reference_url": "https://technet.microsoft.com/library/security/3009008.aspx", "reference_id": "3009008.aspx", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://technet.microsoft.com/library/security/3009008.aspx" }, { "reference_url": "http://www.securityfocus.com/archive/1/533746", "reference_id": "533746", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securityfocus.com/archive/1/533746" }, { "reference_url": "http://www.securityfocus.com/archive/1/533747", "reference_id": "533747", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securityfocus.com/archive/1/533747" }, { "reference_url": "http://www.kb.cert.org/vuls/id/577193", "reference_id": "577193", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.kb.cert.org/vuls/id/577193" }, { "reference_url": "http://secunia.com/advisories/59627", "reference_id": "59627", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/59627" }, { "reference_url": "http://secunia.com/advisories/60056", "reference_id": "60056", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/60056" }, { "reference_url": "http://secunia.com/advisories/60206", "reference_id": "60206", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/60206" }, { "reference_url": "http://secunia.com/advisories/60792", "reference_id": "60792", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/60792" }, { "reference_url": "http://secunia.com/advisories/60859", "reference_id": "60859", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/60859" }, { "reference_url": "http://secunia.com/advisories/61019", "reference_id": "61019", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61019" }, { "reference_url": "http://secunia.com/advisories/61130", "reference_id": "61130", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61130" }, { "reference_url": "http://secunia.com/advisories/61303", "reference_id": "61303", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61303" }, { "reference_url": "http://secunia.com/advisories/61316", "reference_id": "61316", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61316" }, { "reference_url": "http://secunia.com/advisories/61345", "reference_id": "61345", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61345" }, { "reference_url": "http://secunia.com/advisories/61359", "reference_id": "61359", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61359" }, { "reference_url": "http://secunia.com/advisories/61782", "reference_id": "61782", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61782" }, { "reference_url": "http://secunia.com/advisories/61810", "reference_id": "61810", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61810" }, { "reference_url": "http://secunia.com/advisories/61819", "reference_id": "61819", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61819" }, { "reference_url": "http://secunia.com/advisories/61825", "reference_id": "61825", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61825" }, { "reference_url": "http://secunia.com/advisories/61827", "reference_id": "61827", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61827" }, { "reference_url": "http://secunia.com/advisories/61926", "reference_id": "61926", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61926" }, { "reference_url": "http://secunia.com/advisories/61995", "reference_id": "61995", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://secunia.com/advisories/61995" }, { "reference_url": "http://www.securityfocus.com/bid/70574", "reference_id": "70574", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securityfocus.com/bid/70574" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765539", "reference_id": "765539", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765702", "reference_id": "765702", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765702" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768164", "reference_id": "768164", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768164" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769904", "reference_id": "769904", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769904" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771359", "reference_id": "771359", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771359" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203", "reference_id": "advisories?name=MDVSA-2014:203", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", "reference_id": "advisories?name=MDVSA-2015:062", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "reference_url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html", "reference_id": "AST-2014-011.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html" }, { "reference_url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html", "reference_id": "attack-of-week-poodle.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html" }, { "reference_url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle", "reference_id": "cisco-sa-20141015-poodle", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle" }, { "reference_url": "http://support.citrix.com/article/CTX200238", "reference_id": "CTX200238", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://support.citrix.com/article/CTX200238" }, { "reference_url": "https://support.citrix.com/article/CTX216642", "reference_id": "CTX216642", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.citrix.com/article/CTX216642" }, { "reference_url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html", "reference_id": "CVE-2014-3566.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html" }, { "reference_url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip", "reference_id": "cve-2014-3566-removing-sslv3-from-big-ip", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip" }, { "reference_url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581", "reference_id": "display?docId=emr_na-c04583581", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" }, { "reference_url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", "reference_id": "display?docId=emr_na-c04779034", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635", "reference_id": "docDisplay?docId=emr_na-c04819635", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", "reference_id": "docDisplay?docId=emr_na-c05068681", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", "reference_id": "docDisplay?docId=emr_na-c05157667", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", "reference_id": "docDisplay?docId=emr_na-c05301946", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" }, { "reference_url": "https://www.suse.com/support/kb/doc.php?id=7015773", "reference_id": "doc.php?id=7015773", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://www.suse.com/support/kb/doc.php?id=7015773" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431", "reference_id": "docview.wss?uid=isg3T1021431", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439", "reference_id": "docview.wss?uid=isg3T1021439", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", "reference_id": "docview.wss?uid=swg21686997", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172", "reference_id": "docview.wss?uid=swg21687172", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611", "reference_id": "docview.wss?uid=swg21687611", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611" }, { "reference_url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165", "reference_id": "docview.wss?uid=swg21688165", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", "reference_id": "docview.wss?uid=swg21688283", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", "reference_id": "docview.wss?uid=swg21692299", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" }, { "reference_url": "http://www.debian.org/security/2014/dsa-3053", "reference_id": "dsa-3053", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.debian.org/security/2014/dsa-3053" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3144", "reference_id": "dsa-3144", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.debian.org/security/2015/dsa-3144" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3147", "reference_id": "dsa-3147", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.debian.org/security/2015/dsa-3147" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3489", "reference_id": "dsa-3489", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3489" }, { "reference_url": "https://security.gentoo.org/glsa/201411-10", "reference_id": "GLSA-201411-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201411-10" }, { "reference_url": "https://security.gentoo.org/glsa/201507-14", "reference_id": "GLSA-201507-14", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://security.gentoo.org/glsa/201507-14" }, { "reference_url": "https://security.gentoo.org/glsa/201606-11", "reference_id": "GLSA-201606-11", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://security.gentoo.org/glsa/201606-11" }, { "reference_url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566", "reference_id": "how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566" }, { "reference_url": "http://support.apple.com/HT204244", "reference_id": "HT204244", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://support.apple.com/HT204244" }, { "reference_url": "https://support.apple.com/kb/HT6527", "reference_id": "HT6527", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.apple.com/kb/HT6527" }, { "reference_url": "https://support.apple.com/kb/HT6529", "reference_id": "HT6529", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.apple.com/kb/HT6529" }, { "reference_url": "https://support.apple.com/kb/HT6531", "reference_id": "HT6531", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.apple.com/kb/HT6531" }, { "reference_url": "https://support.apple.com/kb/HT6535", "reference_id": "HT6535", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.apple.com/kb/HT6535" }, { "reference_url": "https://support.apple.com/kb/HT6541", "reference_id": "HT6541", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.apple.com/kb/HT6541" }, { "reference_url": "https://support.apple.com/kb/HT6542", "reference_id": "HT6542", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.apple.com/kb/HT6542" }, { "reference_url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm", "reference_id": "hw-405500.htm", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm" }, { "reference_url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "reference_id": "ICSMA-18-058-02", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" }, { "reference_url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "reference_id": "index?page=content&id=JSA10705", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10090", "reference_id": "index?page=content&id=SB10090", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10090" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10091", "reference_id": "index?page=content&id=SB10091", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10091" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10104", "reference_id": "index?page=content&id=SB10104", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10104" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141450452204552&w=2", "reference_id": "?l=bugtraq&m=141450452204552&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141450452204552&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141450973807288&w=2", "reference_id": "?l=bugtraq&m=141450973807288&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141450973807288&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141477196830952&w=2", "reference_id": "?l=bugtraq&m=141477196830952&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141477196830952&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2", "reference_id": "?l=bugtraq&m=141576815022399&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141577087123040&w=2", "reference_id": "?l=bugtraq&m=141577087123040&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141577087123040&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141577350823734&w=2", "reference_id": "?l=bugtraq&m=141577350823734&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141577350823734&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141620103726640&w=2", "reference_id": "?l=bugtraq&m=141620103726640&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141620103726640&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141628688425177&w=2", "reference_id": "?l=bugtraq&m=141628688425177&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141628688425177&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141694355519663&w=2", "reference_id": "?l=bugtraq&m=141694355519663&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141694355519663&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141697638231025&w=2", "reference_id": "?l=bugtraq&m=141697638231025&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141697638231025&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141697676231104&w=2", "reference_id": "?l=bugtraq&m=141697676231104&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141697676231104&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141703183219781&w=2", "reference_id": "?l=bugtraq&m=141703183219781&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141703183219781&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141715130023061&w=2", "reference_id": "?l=bugtraq&m=141715130023061&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141715130023061&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141775427104070&w=2", "reference_id": "?l=bugtraq&m=141775427104070&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141775427104070&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141813976718456&w=2", "reference_id": "?l=bugtraq&m=141813976718456&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141813976718456&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141814011518700&w=2", "reference_id": "?l=bugtraq&m=141814011518700&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141814011518700&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141879378918327&w=2", "reference_id": "?l=bugtraq&m=141879378918327&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=141879378918327&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2", "reference_id": "?l=bugtraq&m=142103967620673&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2", "reference_id": "?l=bugtraq&m=142118135300698&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142296755107581&w=2", "reference_id": "?l=bugtraq&m=142296755107581&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142296755107581&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142350196615714&w=2", "reference_id": "?l=bugtraq&m=142350196615714&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142350196615714&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142350298616097&w=2", "reference_id": "?l=bugtraq&m=142350298616097&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142350298616097&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142350743917559&w=2", "reference_id": "?l=bugtraq&m=142350743917559&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142350743917559&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142354438527235&w=2", "reference_id": "?l=bugtraq&m=142354438527235&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142354438527235&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142357976805598&w=2", "reference_id": "?l=bugtraq&m=142357976805598&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142357976805598&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2", "reference_id": "?l=bugtraq&m=142495837901899&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2", "reference_id": "?l=bugtraq&m=142496355704097&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142546741516006&w=2", "reference_id": "?l=bugtraq&m=142546741516006&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142546741516006&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2", "reference_id": "?l=bugtraq&m=142607790919348&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2", "reference_id": "?l=bugtraq&m=142624590206005&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142624619906067", "reference_id": "?l=bugtraq&m=142624619906067", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142624619906067" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142624619906067&w=2", "reference_id": "?l=bugtraq&m=142624619906067&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142624619906067&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142624679706236&w=2", "reference_id": "?l=bugtraq&m=142624679706236&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142624679706236&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142624719706349&w=2", "reference_id": "?l=bugtraq&m=142624719706349&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142624719706349&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142721830231196&w=2", "reference_id": "?l=bugtraq&m=142721830231196&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142721830231196&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142721887231400&w=2", "reference_id": "?l=bugtraq&m=142721887231400&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142721887231400&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142740155824959&w=2", "reference_id": "?l=bugtraq&m=142740155824959&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142740155824959&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2", "reference_id": "?l=bugtraq&m=142791032306609&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142804214608580&w=2", "reference_id": "?l=bugtraq&m=142804214608580&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142804214608580&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142805027510172&w=2", "reference_id": "?l=bugtraq&m=142805027510172&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142805027510172&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142962817202793&w=2", "reference_id": "?l=bugtraq&m=142962817202793&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=142962817202793&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143039249603103&w=2", "reference_id": "?l=bugtraq&m=143039249603103&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143039249603103&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143101048219218&w=2", "reference_id": "?l=bugtraq&m=143101048219218&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143101048219218&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143290371927178&w=2", "reference_id": "?l=bugtraq&m=143290371927178&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143290371927178&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2", "reference_id": "?l=bugtraq&m=143290437727362&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2", "reference_id": "?l=bugtraq&m=143290522027658&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143290583027876&w=2", "reference_id": "?l=bugtraq&m=143290583027876&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143290583027876&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143558137709884&w=2", "reference_id": "?l=bugtraq&m=143558137709884&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143558137709884&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143558192010071&w=2", "reference_id": "?l=bugtraq&m=143558192010071&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143558192010071&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143628269912142&w=2", "reference_id": "?l=bugtraq&m=143628269912142&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=143628269912142&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=144101915224472&w=2", "reference_id": "?l=bugtraq&m=144101915224472&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=144101915224472&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=144251162130364&w=2", "reference_id": "?l=bugtraq&m=144251162130364&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=144251162130364&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=144294141001552&w=2", "reference_id": "?l=bugtraq&m=144294141001552&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=144294141001552&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=145983526810210&w=2", "reference_id": "?l=bugtraq&m=145983526810210&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=bugtraq&m=145983526810210&w=2" }, { "reference_url": "http://marc.info/?l=openssl-dev&m=141333049205629&w=2", "reference_id": "?l=openssl-dev&m=141333049205629&w=2", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://marc.info/?l=openssl-dev&m=141333049205629&w=2" }, { "reference_url": "http://advisories.mageia.org/MGASA-2014-0416.html", "reference_id": "MGASA-2014-0416.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://advisories.mageia.org/MGASA-2014-0416.html" }, { "reference_url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf", "reference_id": "MOVEitReleaseNotes82.pdf", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html", "reference_id": "msg00000.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html", "reference_id": "msg00002.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html", "reference_id": "msg00008.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html", "reference_id": "msg00026.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html", "reference_id": "msg00027.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", "reference_id": "msg00027.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html", "reference_id": "msg00033.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html", "reference_id": "msg00036.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html", "reference_id": "msg00066.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "reference_url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", "reference_id": "multiple_vulnerabilities_in_openssl6", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "reference_url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc", "reference_id": "NetBSD-SA2014-015.txt.asc", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" }, { "reference_url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/", "reference_id": "node-v0-10-33-stable", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20141015-0001/", "reference_id": "ntap-20141015-0001", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20141015-0001/" }, { "reference_url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", "reference_id": "openssl_advisory11.asc", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" }, { "reference_url": "https://support.lenovo.com/product_security/poodle", "reference_id": "poodle", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.lenovo.com/product_security/poodle" }, { "reference_url": "https://support.lenovo.com/us/en/product_security/poodle", "reference_id": "poodle", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://support.lenovo.com/us/en/product_security/poodle" }, { "reference_url": "https://www.imperialviolet.org/2014/10/14/poodle.html", "reference_id": "poodle.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://www.imperialviolet.org/2014/10/14/poodle.html" }, { "reference_url": "https://github.com/mpgn/poodle-PoC", "reference_id": "poodle-PoC", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://github.com/mpgn/poodle-PoC" }, { "reference_url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability", "reference_id": "poodle-sslv3-vulnerability", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html", "reference_id": "RHSA-2014-1652.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html", "reference_id": "RHSA-2014-1653.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html", "reference_id": "RHSA-2014-1692.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1876", "reference_id": "RHSA-2014:1876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1876" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html", "reference_id": "RHSA-2014-1876.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1877", "reference_id": "RHSA-2014:1877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1877" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html", "reference_id": "RHSA-2014-1877.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1880", "reference_id": "RHSA-2014:1880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1880" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html", "reference_id": "RHSA-2014-1880.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1881", "reference_id": "RHSA-2014:1881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1881" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html", "reference_id": "RHSA-2014-1881.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1882", "reference_id": "RHSA-2014:1882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1882" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html", "reference_id": "RHSA-2014-1882.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1920", "reference_id": "RHSA-2014:1920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1920" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html", "reference_id": "RHSA-2014-1920.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html", "reference_id": "RHSA-2014-1948.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0010", "reference_id": "RHSA-2015:0010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0011", "reference_id": "RHSA-2015:0011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0012", "reference_id": "RHSA-2015:0012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0067", "reference_id": "RHSA-2015:0067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0068", "reference_id": "RHSA-2015:0068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0068" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html", "reference_id": "RHSA-2015-0068.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0069", "reference_id": "RHSA-2015:0069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0079", "reference_id": "RHSA-2015:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0079" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html", "reference_id": "RHSA-2015-0079.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0080", "reference_id": "RHSA-2015:0080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0080" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html", "reference_id": "RHSA-2015-0080.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0085", "reference_id": "RHSA-2015:0085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0085" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html", "reference_id": "RHSA-2015-0085.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0086", "reference_id": "RHSA-2015:0086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0086" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html", "reference_id": "RHSA-2015-0086.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0264", "reference_id": "RHSA-2015:0264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0264" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html", "reference_id": "RHSA-2015-0264.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html", "reference_id": "RHSA-2015-0698.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1545", "reference_id": "RHSA-2015:1545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1545" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html", "reference_id": "RHSA-2015-1545.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1546", "reference_id": "RHSA-2015:1546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1546" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html", "reference_id": "RHSA-2015-1546.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa83", "reference_id": "sa83", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://bto.bluecoat.com/security-advisory/sa83" }, { "reference_url": "https://www.openssl.org/news/secadv_20141015.txt", "reference_id": "secadv_20141015.txt", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "reference_url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx", "reference_id": "security-advisory-3009008-released.aspx", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983", "reference_id": "show_bug.cgi?id=1076983", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983" }, { "reference_url": "https://www.openssl.org/~bodo/ssl-poodle.pdf", "reference_id": "ssl-poodle.pdf", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf" }, { "reference_url": "http://www.us-cert.gov/ncas/alerts/TA14-290A", "reference_id": "TA14-290A", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.us-cert.gov/ncas/alerts/TA14-290A" }, { "reference_url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/", "reference_id": "the-poodle-attack-and-the-end-of-ssl-3-0", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/" }, { "reference_url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html", "reference_id": "this-poodle-bites-exploiting-ssl-30.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded" }, { "reference_url": "https://usn.ubuntu.com/2486-1/", "reference_id": "USN-2486-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2486-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2486-1", "reference_id": "USN-2486-1", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2486-1" }, { "reference_url": "https://usn.ubuntu.com/2487-1/", "reference_id": "USN-2487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2487-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2487-1", "reference_id": "USN-2487-1", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2487-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", "reference_id": "VMSA-2015-0003.html", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" }, { "reference_url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "reference_id": "Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T17:34:07Z/" } ], "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/343092?format=api", "purl": "pkg:deb/debian/erlang@1:17.3-dfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:17.3-dfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343086?format=api", "purl": "pkg:deb/debian/erlang@1:23.2.6%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-5vxe-1smj-fyck" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-d2mt-nbtf-b3fy" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:23.2.6%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343084?format=api", "purl": "pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-h7x2-fxke-tkdp" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343089?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-4ny1-ztaq-yudj" }, { "vulnerability": "VCID-4qr6-9z6u-ekb3" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" }, { "vulnerability": "VCID-qqzg-7f84-4fhz" }, { "vulnerability": "VCID-ws6x-zs8f-b3d5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343087?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1py9-5tap-d7fv" }, { "vulnerability": "VCID-7xvh-aqcu-uyb4" }, { "vulnerability": "VCID-8a5v-tu8j-7kfe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/343088?format=api", "purl": "pkg:deb/debian/erlang@1:27.3.4.12%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3566" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xet9-63wg-3fgw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.12%252Bdfsg-1%3Fdistro=trixie" }