Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/coreutils@9.7-3?distro=trixie

Type deb

Namespace debian

Name coreutils

Version 9.7-3

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 9.10-1

Latest_non_vulnerable_version 9.10-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1e7v-b871-v3dv

vulnerability_id VCID-1e7v-b871-v3dv

summary chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2781.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2781.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2781

reference_id

reference_type

scores

value	0.00079
scoring_system	epss
scoring_elements	0.23394
published_at	2026-06-11T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.2359
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2781

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1312863
reference_id	1312863
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1312863

reference_url

http://www.openwall.com/lists/oss-security/2016/02/28/2

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:21Z/

url

http://www.openwall.com/lists/oss-security/2016/02/28/2

reference_url

http://www.openwall.com/lists/oss-security/2016/02/28/3

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:21Z/

url

http://www.openwall.com/lists/oss-security/2016/02/28/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320
reference_id	816320
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320

reference_url

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

reference_id

rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:21Z/

url

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

fixed_packages

url	pkg:deb/debian/coreutils@9.4-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.4-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2016-2781

risk_score 3.9

exploitability 0.5

weighted_severity 7.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1e7v-b871-v3dv

url VCID-3553-2uat-byg2

vulnerability_id VCID-3553-2uat-byg2

summary The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0223.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0223.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0223

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.3406
published_at	2026-06-11T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.34236
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0223

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=903466
reference_id	903466
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=903466

reference_url	https://access.redhat.com/errata/RHSA-2013:1652
reference_id	RHSA-2013:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1652

fixed_packages

url	pkg:deb/debian/coreutils@0?distro=trixie
purl	pkg:deb/debian/coreutils@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@0%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2013-0223

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3553-2uat-byg2

url VCID-4phm-xps4-xygm

vulnerability_id VCID-4phm-xps4-xygm

summary The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0221.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0221.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0221

reference_id

reference_type

scores

value	0.06006
scoring_system	epss
scoring_elements	0.90894
published_at	2026-06-11T12:55:00Z

value	0.06006
scoring_system	epss
scoring_elements	0.90923
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0221

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=903464
reference_id	903464
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=903464

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/38232.txt
reference_id	CVE-2013-0221;OSVDB-91236
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/38232.txt

reference_url	https://www.securityfocus.com/bid/57492/info
reference_id	CVE-2013-0221;OSVDB-91236
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/57492/info

reference_url	https://access.redhat.com/errata/RHSA-2013:1652
reference_id	RHSA-2013:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1652

fixed_packages

url	pkg:deb/debian/coreutils@0?distro=trixie
purl	pkg:deb/debian/coreutils@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@0%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2013-0221

risk_score 0.2

exploitability 2.0

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4phm-xps4-xygm

url VCID-bqk7-wh9e-7baw

vulnerability_id VCID-bqk7-wh9e-7baw

summary The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4135.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4135.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-4135

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09739
published_at	2026-06-11T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09789
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-4135

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=545439
reference_id	545439
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=545439

reference_url	https://usn.ubuntu.com/2473-1/
reference_id	USN-2473-1
reference_type
scores
url	https://usn.ubuntu.com/2473-1/

fixed_packages

url	pkg:deb/debian/coreutils@0?distro=trixie
purl	pkg:deb/debian/coreutils@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@0%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2009-4135

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqk7-wh9e-7baw

url VCID-ep3p-begv-mkam

vulnerability_id VCID-ep3p-begv-mkam

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0684.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0684.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-0684

reference_id

reference_type

scores

value	0.00086
scoring_system	epss
scoring_elements	0.24958
published_at	2026-06-12T12:55:00Z

value	0.00086
scoring_system	epss
scoring_elements	0.2476
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-0684

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061138
reference_id	1061138
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061138

reference_url

https://www.openwall.com/lists/oss-security/2024/01/18/2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T15:37:23Z/

url

https://www.openwall.com/lists/oss-security/2024/01/18/2

reference_url

https://access.redhat.com/security/cve/CVE-2024-0684

reference_id

CVE-2024-0684

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T15:37:23Z/

url

https://access.redhat.com/security/cve/CVE-2024-0684

reference_url	https://security.gentoo.org/glsa/202407-16
reference_id	GLSA-202407-16
reference_type
scores
url	https://security.gentoo.org/glsa/202407-16

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2258948

reference_id

show_bug.cgi?id=2258948

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T15:37:23Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2258948

fixed_packages

url	pkg:deb/debian/coreutils@0?distro=trixie
purl	pkg:deb/debian/coreutils@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@0%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.5-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.5-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2024-0684

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ep3p-begv-mkam

url VCID-etyt-c12h-4qet

vulnerability_id VCID-etyt-c12h-4qet

summary The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1946.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1946.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-1946

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21328
published_at	2026-06-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21512
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-1946

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1946
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1946

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=446488
reference_id	446488
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=446488

reference_url	https://access.redhat.com/errata/RHSA-2008:0780
reference_id	RHSA-2008:0780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0780

fixed_packages

url	pkg:deb/debian/coreutils@5.93-1?distro=trixie
purl	pkg:deb/debian/coreutils@5.93-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@5.93-1%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2008-1946

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etyt-c12h-4qet

url VCID-evqz-xzkw-u3e7

vulnerability_id VCID-evqz-xzkw-u3e7

summary The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4041.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4041.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-4041

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.17868
published_at	2026-06-11T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.18028
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-4041

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1223813
reference_id	1223813
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1223813

fixed_packages

url	pkg:deb/debian/coreutils@0?distro=trixie
purl	pkg:deb/debian/coreutils@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@0%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2015-4041

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evqz-xzkw-u3e7

url VCID-ffv3-wj8c-w7ek

vulnerability_id VCID-ffv3-wj8c-w7ek

summary fts.c in coreutils 8.4 allows local users to delete arbitrary files.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1865.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1865.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1865

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22893
published_at	2026-06-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2309
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1865

reference_url

http://www.securityfocus.com/bid/76073

reference_id

76073

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T21:03:11Z/

url

http://www.securityfocus.com/bid/76073

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1211300

reference_id

show_bug.cgi?id=1211300

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-06T21:03:11Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1211300

fixed_packages

url	pkg:deb/debian/coreutils@8.13-1?distro=trixie
purl	pkg:deb/debian/coreutils@8.13-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.13-1%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2015-1865

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ffv3-wj8c-w7ek

url VCID-fymz-k4pt-5ugu

vulnerability_id VCID-fymz-k4pt-5ugu

summary Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-1039

reference_id

reference_type

scores

value	0.00055
scoring_system	epss
scoring_elements	0.17571
published_at	2026-06-11T12:55:00Z

value	0.00055
scoring_system	epss
scoring_elements	0.17729
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-1039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1039
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1039

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304556
reference_id	304556
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304556

fixed_packages

url	pkg:deb/debian/coreutils@6.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@6.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@6.10-1%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2005-1039

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fymz-k4pt-5ugu

url VCID-gtr9-57zm-rbcv

vulnerability_id VCID-gtr9-57zm-rbcv

summary

A vulnerability in Coreutils could lead to the execution of
    arbitrary code or a Denial of Service condition.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9471.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9471.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9471

reference_id

reference_type

scores

value	0.04258
scoring_system	epss
scoring_elements	0.89058
published_at	2026-06-11T12:55:00Z

value	0.04258
scoring_system	epss
scoring_elements	0.89096
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9471

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1167548
reference_id	1167548
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1167548

reference_url	https://security.gentoo.org/glsa/201612-22
reference_id	GLSA-201612-22
reference_type
scores
url	https://security.gentoo.org/glsa/201612-22

reference_url	https://usn.ubuntu.com/2473-1/
reference_id	USN-2473-1
reference_type
scores
url	https://usn.ubuntu.com/2473-1/

fixed_packages

url	pkg:deb/debian/coreutils@8.23-1?distro=trixie
purl	pkg:deb/debian/coreutils@8.23-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.23-1%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2014-9471

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gtr9-57zm-rbcv

url VCID-mk1u-axz2-e3hf

vulnerability_id VCID-mk1u-axz2-e3hf

summary cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4998.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4998.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-4998

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25853
published_at	2026-06-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26052
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-4998

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4998
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4998

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=356471
reference_id	356471
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=356471

fixed_packages

url	pkg:deb/debian/coreutils@4.1.2?distro=trixie
purl	pkg:deb/debian/coreutils@4.1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@4.1.2%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2007-4998

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mk1u-axz2-e3hf

url VCID-mrxc-djq9-wkdg

vulnerability_id VCID-mrxc-djq9-wkdg

summary A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2616.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2616.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2616

reference_id

reference_type

scores

value	0.00061
scoring_system	epss
scoring_elements	0.19396
published_at	2026-06-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.19568
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2616

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616

reference_url

http://www.securitytracker.com/id/1038271

reference_id

1038271

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/

url

http://www.securitytracker.com/id/1038271

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1418710
reference_id	1418710
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1418710

reference_url

https://security.gentoo.org/glsa/201706-02

reference_id

201706-02

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/

url

https://security.gentoo.org/glsa/201706-02

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
reference_id	855943
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943

reference_url

http://www.securityfocus.com/bid/96404

reference_id

96404

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/

url

http://www.securityfocus.com/bid/96404

reference_url

https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891

reference_id

dffab154d29a288aa171ff50263ecc8f2e14a891

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/

url

https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891

reference_url

https://www.debian.org/security/2017/dsa-3793

reference_id

dsa-3793

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/

url

https://www.debian.org/security/2017/dsa-3793

reference_url	https://access.redhat.com/errata/RHSA-2017:0654
reference_id	RHSA-2017:0654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0654

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0654.html

reference_id

RHSA-2017-0654.html

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/

url

http://rhn.redhat.com/errata/RHSA-2017-0654.html

reference_url

https://access.redhat.com/errata/RHSA-2017:0907

reference_id

RHSA-2017:0907

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/

url

https://access.redhat.com/errata/RHSA-2017:0907

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616

reference_id

show_bug.cgi?id=CVE-2017-2616

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:36Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616

reference_url	https://usn.ubuntu.com/3276-1/
reference_id	USN-3276-1
reference_type
scores
url	https://usn.ubuntu.com/3276-1/

reference_url	https://usn.ubuntu.com/3276-3/
reference_id	USN-3276-3
reference_type
scores
url	https://usn.ubuntu.com/3276-3/

fixed_packages

url	pkg:deb/debian/coreutils@8.20-1?distro=trixie
purl	pkg:deb/debian/coreutils@8.20-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.20-1%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases (+, CVE-2017-2616, fix), regression

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mrxc-djq9-wkdg

url VCID-sbbr-jj5q-p7et

vulnerability_id VCID-sbbr-jj5q-p7et

summary The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0222.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0222.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0222

reference_id

reference_type

scores

value	0.00143
scoring_system	epss
scoring_elements	0.34233
published_at	2026-06-11T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34411
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0222

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=903465
reference_id	903465
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=903465

reference_url	https://access.redhat.com/errata/RHSA-2013:1652
reference_id	RHSA-2013:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1652

fixed_packages

url	pkg:deb/debian/coreutils@0?distro=trixie
purl	pkg:deb/debian/coreutils@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@0%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2013-0222

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbbr-jj5q-p7et

url VCID-suu6-5d7s-nyha

vulnerability_id VCID-suu6-5d7s-nyha

summary An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0853.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0853.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2003-0853

reference_id

reference_type

scores

value	0.02438
scoring_system	epss
scoring_elements	0.85496
published_at	2026-06-11T12:55:00Z

value	0.02438
scoring_system	epss
scoring_elements	0.85548
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2003-0853

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0853
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0853

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617091
reference_id	1617091
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617091

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/23274.pl
reference_id	CVE-2003-0853;OSVDB-4621
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/23274.pl

reference_url	https://www.securityfocus.com/bid/8875/info
reference_id	CVE-2003-0853;OSVDB-4621
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/8875/info

reference_url	https://access.redhat.com/errata/RHSA-2003:309
reference_id	RHSA-2003:309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2003:309

reference_url	https://access.redhat.com/errata/RHSA-2003:310
reference_id	RHSA-2003:310
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2003:310

fixed_packages

url	pkg:deb/debian/coreutils@5.2.1-1?distro=trixie
purl	pkg:deb/debian/coreutils@5.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@5.2.1-1%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2003-0853

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-suu6-5d7s-nyha

url VCID-ujkw-6mdt-5yh5

vulnerability_id VCID-ujkw-6mdt-5yh5

summary Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4042.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4042.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-4042

reference_id

reference_type

scores

value	0.00398
scoring_system	epss
scoring_elements	0.61022
published_at	2026-06-11T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.61128
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-4042

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1223817
reference_id	1223817
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1223817

fixed_packages

url	pkg:deb/debian/coreutils@0?distro=trixie
purl	pkg:deb/debian/coreutils@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@0%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2015-4042

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujkw-6mdt-5yh5

url VCID-vxmp-ea3f-vudb

vulnerability_id VCID-vxmp-ea3f-vudb

summary ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0854.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0854.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2003-0854

reference_id

reference_type

scores

value	0.00234
scoring_system	epss
scoring_elements	0.46504
published_at	2026-06-11T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46649
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2003-0854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0854

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617092
reference_id	1617092
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617092

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/115.c
reference_id	OSVDB-4620;CVE-2003-0854
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/115.c

reference_url	https://access.redhat.com/errata/RHSA-2003:309
reference_id	RHSA-2003:309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2003:309

reference_url	https://access.redhat.com/errata/RHSA-2003:310
reference_id	RHSA-2003:310
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2003:310

fixed_packages

url	pkg:deb/debian/coreutils@5.2.1-1?distro=trixie
purl	pkg:deb/debian/coreutils@5.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@5.2.1-1%3Fdistro=trixie

url pkg:deb/debian/coreutils@8.32-4?distro=trixie

purl pkg:deb/debian/coreutils@8.32-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@8.32-4%3Fdistro=trixie

url pkg:deb/debian/coreutils@9.1-1?distro=trixie

purl pkg:deb/debian/coreutils@9.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1e7v-b871-v3dv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.1-1%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.7-3?distro=trixie
purl	pkg:deb/debian/coreutils@9.7-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

url	pkg:deb/debian/coreutils@9.10-1?distro=trixie
purl	pkg:deb/debian/coreutils@9.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.10-1%3Fdistro=trixie

aliases CVE-2003-0854

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxmp-ea3f-vudb

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/coreutils@9.7-3%3Fdistro=trixie

Package Instance