{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","type":"deb","namespace":"debian","name":"cpio","version":"2.15+dfsg-2.1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199345?format=json","vulnerability_id":"VCID-2w15-yz9e-hbeq","summary":"cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-1999-1572.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-1999-1572.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-1999-1572","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3378","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33959","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33981","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-1999-1572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1572"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616458","reference_id":"1616458","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616458"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293379","reference_id":"293379","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:073","reference_id":"RHSA-2005:073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:080","reference_id":"RHSA-2005:080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:806","reference_id":"RHSA-2005:806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:806"},{"reference_url":"https://usn.ubuntu.com/75-1/","reference_id":"USN-75-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/75-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35619?format=json","purl":"pkg:deb/debian/cpio@2.5-1.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.5-1.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-1999-1572"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2w15-yz9e-hbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176685?format=json","vulnerability_id":"VCID-5pjk-sebx-3uhx","summary":"A buffer overflow flaw in GNU Tar could result in execution of\n    arbitrary code or a Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0624.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0624","reference_id":"","reference_type":"","scores":[{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81365","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81426","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81434","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=564368","reference_id":"564368","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=564368"},{"reference_url":"https://security.gentoo.org/glsa/201111-11","reference_id":"GLSA-201111-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201111-11"},{"reference_url":"https://security.gentoo.org/glsa/201311-21","reference_id":"GLSA-201311-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0141","reference_id":"RHSA-2010:0141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0142","reference_id":"RHSA-2010:0142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0143","reference_id":"RHSA-2010:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0144","reference_id":"RHSA-2010:0144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0145","reference_id":"RHSA-2010:0145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0145"},{"reference_url":"https://usn.ubuntu.com/2456-1/","reference_id":"USN-2456-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2456-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35635?format=json","purl":"pkg:deb/debian/cpio@2.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2010-0624"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pjk-sebx-3uhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6386?format=json","vulnerability_id":"VCID-b93a-fet5-kbfy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14866.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14866.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14866","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09855","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09901","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09904","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14866"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765511","reference_id":"1765511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941412","reference_id":"941412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941412"},{"reference_url":"https://security.gentoo.org/glsa/202407-07","reference_id":"GLSA-202407-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3908","reference_id":"RHSA-2020:3908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3908"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1582","reference_id":"RHSA-2021:1582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0073","reference_id":"RHSA-2022:0073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0073"},{"reference_url":"https://usn.ubuntu.com/4176-1/","reference_id":"USN-4176-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4176-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35641?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2019-14866"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b93a-fet5-kbfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200057?format=json","vulnerability_id":"VCID-c8w9-cyqy-fqaq","summary":"Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1111.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1111","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25999","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26199","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26213","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617604","reference_id":"1617604","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617604"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305372","reference_id":"305372","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:378","reference_id":"RHSA-2005:378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:806","reference_id":"RHSA-2005:806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:806"},{"reference_url":"https://usn.ubuntu.com/189-1/","reference_id":"USN-189-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/189-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35625?format=json","purl":"pkg:deb/debian/cpio@2.6-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.6-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2005-1111"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8w9-cyqy-fqaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/984?format=json","vulnerability_id":"VCID-c9mw-ww8y-mfgy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2037.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2037.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2037","reference_id":"","reference_type":"","scores":[{"value":"0.15226","scoring_system":"epss","scoring_elements":"0.94766","published_at":"2026-06-11T12:55:00Z"},{"value":"0.15226","scoring_system":"epss","scoring_elements":"0.94784","published_at":"2026-06-12T12:55:00Z"},{"value":"0.15226","scoring_system":"epss","scoring_elements":"0.94791","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.5","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1300207","reference_id":"1300207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1300207"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812401","reference_id":"812401","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812401"},{"reference_url":"https://security.gentoo.org/glsa/202407-07","reference_id":"GLSA-202407-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-07"},{"reference_url":"https://usn.ubuntu.com/2906-1/","reference_id":"USN-2906-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2906-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35640?format=json","purl":"pkg:deb/debian/cpio@2.11%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.11%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2016-2037"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9mw-ww8y-mfgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/113577?format=json","vulnerability_id":"VCID-fms4-pvsw-pfcn","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9112","reference_id":"","reference_type":"","scores":[{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.80449","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.8051","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01343","scoring_system":"epss","scoring_elements":"0.80522","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167571","reference_id":"1167571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1167571"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793","reference_id":"772793","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793"},{"reference_url":"https://security.gentoo.org/glsa/201502-11","reference_id":"GLSA-201502-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2108","reference_id":"RHSA-2015:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2108"},{"reference_url":"https://usn.ubuntu.com/2456-1/","reference_id":"USN-2456-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2456-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35636?format=json","purl":"pkg:deb/debian/cpio@2.11%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.11%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2014-9112"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fms4-pvsw-pfcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200256?format=json","vulnerability_id":"VCID-m4uh-nd6v-9kft","summary":"Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4268.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4268.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4268","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16128","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1627","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16279","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-4268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=229191","reference_id":"229191","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=229191"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344134","reference_id":"344134","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0245","reference_id":"RHSA-2007:0245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0145","reference_id":"RHSA-2010:0145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0145"},{"reference_url":"https://usn.ubuntu.com/234-1/","reference_id":"USN-234-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/234-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35629?format=json","purl":"pkg:deb/debian/cpio@2.6-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.6-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2005-4268"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4uh-nd6v-9kft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200067?format=json","vulnerability_id":"VCID-rar4-238y-ckft","summary":"Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1229.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1229.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1229","reference_id":"","reference_type":"","scores":[{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.7694","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.77012","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.77026","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1229"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=156313","reference_id":"156313","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=156313"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306693","reference_id":"306693","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306693"},{"reference_url":"https://usn.ubuntu.com/189-1/","reference_id":"USN-189-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/189-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35625?format=json","purl":"pkg:deb/debian/cpio@2.6-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.6-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2005-1229"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rar4-238y-ckft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9919?format=json","vulnerability_id":"VCID-rr3s-y9k1-jqh6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38185.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38185","reference_id":"","reference_type":"","scores":[{"value":"0.26333","scoring_system":"epss","scoring_elements":"0.96432","published_at":"2026-06-11T12:55:00Z"},{"value":"0.26333","scoring_system":"epss","scoring_elements":"0.96442","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38185"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991731","reference_id":"1991731","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991731"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992045","reference_id":"992045","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992045"},{"reference_url":"https://security.archlinux.org/AVG-2262","reference_id":"AVG-2262","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2262"},{"reference_url":"https://github.com/fangqyi/cpiopwn","reference_id":"cpiopwn","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:10:43Z/"}],"url":"https://github.com/fangqyi/cpiopwn"},{"reference_url":"https://security.gentoo.org/glsa/202407-07","reference_id":"GLSA-202407-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-07"},{"reference_url":"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b","reference_id":"?id=dd96882877721703e19272fe25034560b794061b","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:10:43Z/"}],"url":"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b"},{"reference_url":"https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:10:43Z/"}],"url":"https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html"},{"reference_url":"https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:10:43Z/"}],"url":"https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:10:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00007.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1991","reference_id":"RHSA-2022:1991","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1991"},{"reference_url":"https://usn.ubuntu.com/5064-1/","reference_id":"USN-5064-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5064-1/"},{"reference_url":"https://usn.ubuntu.com/5064-2/","reference_id":"USN-5064-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5064-2/"},{"reference_url":"https://usn.ubuntu.com/5064-3/","reference_id":"USN-5064-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5064-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35642?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2021-38185"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rr3s-y9k1-jqh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180489?format=json","vulnerability_id":"VCID-s6mz-hnpc-a3he","summary":"GNU cpio contains a buffer overflow vulnerability, possibly resulting in a\n    Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4476","reference_id":"","reference_type":"","scores":[{"value":"0.12223","scoring_system":"epss","scoring_elements":"0.94004","published_at":"2026-06-11T12:55:00Z"},{"value":"0.12223","scoring_system":"epss","scoring_elements":"0.94024","published_at":"2026-06-12T12:55:00Z"},{"value":"0.12223","scoring_system":"epss","scoring_elements":"0.94029","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=280961","reference_id":"280961","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=280961"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444","reference_id":"441444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449222","reference_id":"449222","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449222"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30766.c","reference_id":"CVE-2007-4476;OSVDB-42149","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30766.c"},{"reference_url":"https://www.securityfocus.com/bid/26445/info","reference_id":"CVE-2007-4476;OSVDB-42149","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/26445/info"},{"reference_url":"https://security.gentoo.org/glsa/200711-18","reference_id":"GLSA-200711-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0141","reference_id":"RHSA-2010:0141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0144","reference_id":"RHSA-2010:0144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0144"},{"reference_url":"https://usn.ubuntu.com/650-1/","reference_id":"USN-650-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/650-1/"},{"reference_url":"https://usn.ubuntu.com/709-1/","reference_id":"USN-709-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/709-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35632?format=json","purl":"pkg:deb/debian/cpio@2.9-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.9-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2007-4476"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6mz-hnpc-a3he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182106?format=json","vulnerability_id":"VCID-xdb8-m26h-27dq","summary":"Two vulnerabilities have been found in GNU cpio, the worst of which\n    could result in execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1197.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1197","reference_id":"","reference_type":"","scores":[{"value":"0.03944","scoring_system":"epss","scoring_elements":"0.88609","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03944","scoring_system":"epss","scoring_elements":"0.88648","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03944","scoring_system":"epss","scoring_elements":"0.88654","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179773","reference_id":"1179773","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179773"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669","reference_id":"774669","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669"},{"reference_url":"https://security.gentoo.org/glsa/201502-11","reference_id":"GLSA-201502-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-11"},{"reference_url":"https://usn.ubuntu.com/2906-1/","reference_id":"USN-2906-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2906-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35639?format=json","purl":"pkg:deb/debian/cpio@2.11%2Bdfsg-4.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.11%252Bdfsg-4.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35621?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35617?format=json","purl":"pkg:deb/debian/cpio@2.13%2Bdfsg-7.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y8fv-ddtc-nkds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.13%252Bdfsg-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2015-1197"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdb8-m26h-27dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17953?format=json","vulnerability_id":"VCID-y8fv-ddtc-nkds","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-7207.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-7207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-7207","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19195","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19384","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19365","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-7207"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/05/1","reference_id":"1","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:19:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/01/05/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266856","reference_id":"2266856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2266856"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/21/8","reference_id":"8","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:19:09Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/21/8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163","reference_id":"bugreport.cgi?bug=1059163","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:19:09Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207","reference_id":"cvename.cgi?name=CVE-2023-7207","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:19:09Z/"}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"},{"reference_url":"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628","reference_id":"?id=376d663340a9dc91c91a5849e5713f07571c1628","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:19:09Z/"}],"url":"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"},{"reference_url":"https://usn.ubuntu.com/6755-1/","reference_id":"USN-6755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35644?format=json","purl":"pkg:deb/debian/cpio@2.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35623?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35622?format=json","purl":"pkg:deb/debian/cpio@2.15%2Bdfsg-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}],"aliases":["CVE-2023-7207"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8fv-ddtc-nkds"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cpio@2.15%252Bdfsg-2.1%3Fdistro=trixie"}