{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","type":"apk","namespace":"alpine","name":"libvncserver","version":"0.9.13-r0","qualifiers":{"arch":"x86_64","distroversion":"v3.13","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77701?format=json","vulnerability_id":"VCID-3gf3-zrf8-uuc5","summary":"A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25708","reference_id":"","reference_type":"","scores":[{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74116","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74149","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74154","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.7414","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74123","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1896739","reference_id":"1896739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1896739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1811","reference_id":"RHSA-2021:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1811"},{"reference_url":"https://usn.ubuntu.com/4636-1/","reference_id":"USN-4636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4636-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2020-25708"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gf3-zrf8-uuc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77696?format=json","vulnerability_id":"VCID-9d78-wqhh-pbcn","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14402","reference_id":"","reference_type":"","scores":[{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.8582","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85842","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85825","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85843","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.8584","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860367","reference_id":"1860367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860367"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2020-14402"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9d78-wqhh-pbcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77686?format=json","vulnerability_id":"VCID-eks9-j9wf-q7cn","summary":"libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20839","reference_id":"","reference_type":"","scores":[{"value":"0.04134","scoring_system":"epss","scoring_elements":"0.88842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04134","scoring_system":"epss","scoring_elements":"0.88859","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04134","scoring_system":"epss","scoring_elements":"0.88857","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04134","scoring_system":"epss","scoring_elements":"0.88856","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849877","reference_id":"1849877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1811","reference_id":"RHSA-2021:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1811"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2019-20839"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eks9-j9wf-q7cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77697?format=json","vulnerability_id":"VCID-hh4x-d9pd-ebe4","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14403","reference_id":"","reference_type":"","scores":[{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80295","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.8032","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80312","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80323","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80319","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860334","reference_id":"1860334","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860334"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2020-14403"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hh4x-d9pd-ebe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77691?format=json","vulnerability_id":"VCID-j4zz-yk4y-y7ds","summary":"An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly \"no trust boundary crossed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14399","reference_id":"","reference_type":"","scores":[{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85524","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85547","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85552","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85532","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860354","reference_id":"1860354","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860354"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2020-14399"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4zz-yk4y-y7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77687?format=json","vulnerability_id":"VCID-jn8p-cbaf-uqc7","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20840","reference_id":"","reference_type":"","scores":[{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86689","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86712","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86697","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.8671","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86707","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849881","reference_id":"1849881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849881"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2019-20840"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jn8p-cbaf-uqc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77693?format=json","vulnerability_id":"VCID-t4ke-zyfm-nqd3","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14401","reference_id":"","reference_type":"","scores":[{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80062","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80088","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80078","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80092","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80087","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860364","reference_id":"1860364","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860364"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2020-14401"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4ke-zyfm-nqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77699?format=json","vulnerability_id":"VCID-uw43-p37a-syec","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14404","reference_id":"","reference_type":"","scores":[{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80295","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.8032","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80312","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80323","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80319","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860337","reference_id":"1860337","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860337"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2020-14404"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uw43-p37a-syec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77700?format=json","vulnerability_id":"VCID-vdnw-c2k8-pfdy","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14405","reference_id":"","reference_type":"","scores":[{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80763","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80791","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80786","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80792","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80789","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860325","reference_id":"1860325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1811","reference_id":"RHSA-2021:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1811"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2020-14405"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdnw-c2k8-pfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77692?format=json","vulnerability_id":"VCID-yzge-5eyr-3kc8","summary":"An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14400","reference_id":"","reference_type":"","scores":[{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85524","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85547","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85552","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85532","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860361","reference_id":"1860361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860361"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/359655?format=json","purl":"pkg:apk/alpine/libvncserver@0.9.13-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}],"aliases":["CVE-2020-14400"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzge-5eyr-3kc8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libvncserver@0.9.13-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"}