{"url":"http://public2.vulnerablecode.io/api/packages/4200?format=json","purl":"pkg:deb/debian/libvncserver@0.9.9%2Bdfsg2-6.1%2Bdeb8u3","type":"deb","namespace":"debian","name":"libvncserver","version":"0.9.9+dfsg2-6.1+deb8u3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.9.15+dfsg-5","latest_non_vulnerable_version":"0.9.15+dfsg-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77680?format=json","vulnerability_id":"VCID-13ws-y65t-ykbx","summary":"LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6307.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6307.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6307","reference_id":"","reference_type":"","scores":[{"value":"0.09475","scoring_system":"epss","scoring_elements":"0.92978","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09475","scoring_system":"epss","scoring_elements":"0.92988","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661136","reference_id":"1661136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661136"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-6307"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13ws-y65t-ykbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77685?format=json","vulnerability_id":"VCID-3938-7dgh-t7fc","summary":"libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20788.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20788","reference_id":"","reference_type":"","scores":[{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74333","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74366","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20788"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829870","reference_id":"1829870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1829870"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163","reference_id":"954163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0913","reference_id":"RHSA-2020:0913","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0920","reference_id":"RHSA-2020:0920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0921","reference_id":"RHSA-2020:0921","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0921"},{"reference_url":"https://usn.ubuntu.com/4407-1/","reference_id":"USN-4407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4407-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2019-20788"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3938-7dgh-t7fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77701?format=json","vulnerability_id":"VCID-3gf3-zrf8-uuc5","summary":"A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25708","reference_id":"","reference_type":"","scores":[{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74116","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74149","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25708"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1896739","reference_id":"1896739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1896739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1811","reference_id":"RHSA-2021:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1811"},{"reference_url":"https://usn.ubuntu.com/4636-1/","reference_id":"USN-4636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4636-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-25708"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gf3-zrf8-uuc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6328?format=json","vulnerability_id":"VCID-3m91-rw1t-5bh8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7225.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7225","reference_id":"","reference_type":"","scores":[{"value":"0.03304","scoring_system":"epss","scoring_elements":"0.87461","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03304","scoring_system":"epss","scoring_elements":"0.87483","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1546858","reference_id":"1546858","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1546858"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894045","reference_id":"894045","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894045"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784","reference_id":"945784","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784"},{"reference_url":"https://security.archlinux.org/AVG-628","reference_id":"AVG-628","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-628"},{"reference_url":"https://security.gentoo.org/glsa/201908-05","reference_id":"GLSA-201908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1055","reference_id":"RHSA-2018:1055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1055"},{"reference_url":"https://usn.ubuntu.com/3618-1/","reference_id":"USN-3618-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3618-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-7225"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3m91-rw1t-5bh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77668?format=json","vulnerability_id":"VCID-41xg-5knm-8udw","summary":"LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20019.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20019","reference_id":"","reference_type":"","scores":[{"value":"0.168","scoring_system":"epss","scoring_elements":"0.95072","published_at":"2026-06-04T12:55:00Z"},{"value":"0.168","scoring_system":"epss","scoring_elements":"0.95081","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661114","reference_id":"1661114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661114"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://security.gentoo.org/glsa/201908-05","reference_id":"GLSA-201908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-05"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-20019"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41xg-5knm-8udw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77702?format=json","vulnerability_id":"VCID-5q7x-qej6-skap","summary":"libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29260.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29260.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29260","reference_id":"","reference_type":"","scores":[{"value":"0.00939","scoring_system":"epss","scoring_elements":"0.76594","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00939","scoring_system":"epss","scoring_elements":"0.76624","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29260"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228","reference_id":"1019228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019228"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2124164","reference_id":"2124164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2124164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-29260"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q7x-qej6-skap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77689?format=json","vulnerability_id":"VCID-72vg-qxu9-nkfy","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14397.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14397.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14397","reference_id":"","reference_type":"","scores":[{"value":"0.04438","scoring_system":"epss","scoring_elements":"0.89236","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04438","scoring_system":"epss","scoring_elements":"0.89253","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14397"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14397"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860344","reference_id":"1860344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1811","reference_id":"RHSA-2021:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1811"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14397"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72vg-qxu9-nkfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77677?format=json","vulnerability_id":"VCID-8hw6-pgk7-u3aq","summary":"LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20749.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20749","reference_id":"","reference_type":"","scores":[{"value":"0.10369","scoring_system":"epss","scoring_elements":"0.93337","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10369","scoring_system":"epss","scoring_elements":"0.93348","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20749"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671403","reference_id":"1671403","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671403"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941","reference_id":"920941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516735?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%252Bdeb10u4"}],"aliases":["CVE-2018-20749"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hw6-pgk7-u3aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4665?format=json","vulnerability_id":"VCID-925y-k5rf-nuf3","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9941.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9941.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9941","reference_id":"","reference_type":"","scores":[{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82431","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410166","reference_id":"1410166","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410166"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850007","reference_id":"850007","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850007"},{"reference_url":"https://security.archlinux.org/ASA-201701-20","reference_id":"ASA-201701-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-20"},{"reference_url":"https://security.archlinux.org/AVG-124","reference_id":"AVG-124","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-124"},{"reference_url":"https://security.gentoo.org/glsa/201702-24","reference_id":"GLSA-201702-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-24"},{"reference_url":"https://usn.ubuntu.com/3171-1/","reference_id":"USN-3171-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3171-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2016-9941"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-925y-k5rf-nuf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77696?format=json","vulnerability_id":"VCID-9d78-wqhh-pbcn","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14402","reference_id":"","reference_type":"","scores":[{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.8582","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85842","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860367","reference_id":"1860367","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860367"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14402"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9d78-wqhh-pbcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77664?format=json","vulnerability_id":"VCID-9jwb-wjfy-cfgf","summary":"LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15126.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15126","reference_id":"","reference_type":"","scores":[{"value":"0.059","scoring_system":"epss","scoring_elements":"0.90766","published_at":"2026-06-04T12:55:00Z"},{"value":"0.059","scoring_system":"epss","scoring_elements":"0.9078","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661110","reference_id":"1661110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-15126"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jwb-wjfy-cfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77669?format=json","vulnerability_id":"VCID-bvhy-zh6b-pkbs","summary":"LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20020.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20020","reference_id":"","reference_type":"","scores":[{"value":"0.2103","scoring_system":"epss","scoring_elements":"0.95753","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2103","scoring_system":"epss","scoring_elements":"0.95758","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661117","reference_id":"1661117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661117"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827","reference_id":"945827","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827"},{"reference_url":"https://security.gentoo.org/glsa/201908-05","reference_id":"GLSA-201908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-05"},{"reference_url":"https://security.gentoo.org/glsa/202006-06","reference_id":"GLSA-202006-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-06"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4547-2/","reference_id":"USN-4547-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-2/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-20020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvhy-zh6b-pkbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77674?format=json","vulnerability_id":"VCID-c2a5-uma8-x7hz","summary":"LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20024.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20024","reference_id":"","reference_type":"","scores":[{"value":"0.03729","scoring_system":"epss","scoring_elements":"0.88197","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03729","scoring_system":"epss","scoring_elements":"0.88217","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661132","reference_id":"1661132","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661132"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827","reference_id":"945827","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827"},{"reference_url":"https://security.gentoo.org/glsa/201908-05","reference_id":"GLSA-201908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-05"},{"reference_url":"https://security.gentoo.org/glsa/202006-06","reference_id":"GLSA-202006-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-06"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4547-2/","reference_id":"USN-4547-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-2/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-20024"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2a5-uma8-x7hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77675?format=json","vulnerability_id":"VCID-du17-2h7q-tbdw","summary":"LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20748.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20748","reference_id":"","reference_type":"","scores":[{"value":"0.10572","scoring_system":"epss","scoring_elements":"0.93408","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10572","scoring_system":"epss","scoring_elements":"0.9342","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20748"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671407","reference_id":"1671407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671407"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941","reference_id":"920941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516735?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%252Bdeb10u4"}],"aliases":["CVE-2018-20748"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-du17-2h7q-tbdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77686?format=json","vulnerability_id":"VCID-eks9-j9wf-q7cn","summary":"libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20839","reference_id":"","reference_type":"","scores":[{"value":"0.04134","scoring_system":"epss","scoring_elements":"0.88842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04134","scoring_system":"epss","scoring_elements":"0.88859","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849877","reference_id":"1849877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1811","reference_id":"RHSA-2021:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1811"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2019-20839"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eks9-j9wf-q7cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77663?format=json","vulnerability_id":"VCID-fj5x-gk5u-9fcy","summary":"It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18922.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18922.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18922","reference_id":"","reference_type":"","scores":[{"value":"0.06869","scoring_system":"epss","scoring_elements":"0.91529","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06869","scoring_system":"epss","scoring_elements":"0.91542","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18922"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852356","reference_id":"1852356","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852356"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3281","reference_id":"RHSA-2020:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3385","reference_id":"RHSA-2020:3385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3456","reference_id":"RHSA-2020:3456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3588","reference_id":"RHSA-2020:3588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3588"},{"reference_url":"https://usn.ubuntu.com/4407-1/","reference_id":"USN-4407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4407-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2017-18922"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fj5x-gk5u-9fcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77666?format=json","vulnerability_id":"VCID-gj1t-919b-abg3","summary":"LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15127.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15127.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15127","reference_id":"","reference_type":"","scores":[{"value":"0.15138","scoring_system":"epss","scoring_elements":"0.9472","published_at":"2026-06-04T12:55:00Z"},{"value":"0.15138","scoring_system":"epss","scoring_elements":"0.94728","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661102","reference_id":"1661102","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661102"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0059","reference_id":"RHSA-2019:0059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0059"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-15127"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gj1t-919b-abg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77697?format=json","vulnerability_id":"VCID-hh4x-d9pd-ebe4","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14403","reference_id":"","reference_type":"","scores":[{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80295","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.8032","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14403"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860334","reference_id":"1860334","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860334"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14403"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hh4x-d9pd-ebe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77679?format=json","vulnerability_id":"VCID-hu3m-g1h4-sufg","summary":"An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21247.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21247","reference_id":"","reference_type":"","scores":[{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81308","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01477","scoring_system":"epss","scoring_elements":"0.81335","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849886","reference_id":"1849886","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1811","reference_id":"RHSA-2021:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1811"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-21247"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hu3m-g1h4-sufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77691?format=json","vulnerability_id":"VCID-j4zz-yk4y-y7ds","summary":"An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly \"no trust boundary crossed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14399.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14399","reference_id":"","reference_type":"","scores":[{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85524","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85547","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14399"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860354","reference_id":"1860354","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860354"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14399"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4zz-yk4y-y7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77687?format=json","vulnerability_id":"VCID-jn8p-cbaf-uqc7","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20840","reference_id":"","reference_type":"","scores":[{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86689","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86712","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20840"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849881","reference_id":"1849881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849881"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2019-20840"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jn8p-cbaf-uqc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77670?format=json","vulnerability_id":"VCID-jvfk-sg6j-mfhc","summary":"LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20021.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20021","reference_id":"","reference_type":"","scores":[{"value":"0.02552","scoring_system":"epss","scoring_elements":"0.85771","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02552","scoring_system":"epss","scoring_elements":"0.85793","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661120","reference_id":"1661120","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661120"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827","reference_id":"945827","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827"},{"reference_url":"https://security.gentoo.org/glsa/201908-05","reference_id":"GLSA-201908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-05"},{"reference_url":"https://security.gentoo.org/glsa/202006-06","reference_id":"GLSA-202006-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-06"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4547-2/","reference_id":"USN-4547-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-2/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-20021"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvfk-sg6j-mfhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77678?format=json","vulnerability_id":"VCID-kt63-8u88-wkam","summary":"LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20750.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20750","reference_id":"","reference_type":"","scores":[{"value":"0.04387","scoring_system":"epss","scoring_elements":"0.89172","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04387","scoring_system":"epss","scoring_elements":"0.89189","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20750"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671405","reference_id":"1671405","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671405"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941","reference_id":"920941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920941"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516735?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3%252Bdeb10u4"}],"aliases":["CVE-2018-20750"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kt63-8u88-wkam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77671?format=json","vulnerability_id":"VCID-r4yj-wxr9-fub5","summary":"LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20022.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20022","reference_id":"","reference_type":"","scores":[{"value":"0.06177","scoring_system":"epss","scoring_elements":"0.90998","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06177","scoring_system":"epss","scoring_elements":"0.91012","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661123","reference_id":"1661123","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661123"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827","reference_id":"945827","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945827"},{"reference_url":"https://security.gentoo.org/glsa/201908-05","reference_id":"GLSA-201908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-05"},{"reference_url":"https://security.gentoo.org/glsa/202006-06","reference_id":"GLSA-202006-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-06"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4547-2/","reference_id":"USN-4547-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-2/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-20022"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4yj-wxr9-fub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77688?format=json","vulnerability_id":"VCID-rb8e-gsev-7kaw","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14396.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14396.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14396","reference_id":"","reference_type":"","scores":[{"value":"0.01582","scoring_system":"epss","scoring_elements":"0.81919","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01582","scoring_system":"epss","scoring_elements":"0.81953","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14396"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860340","reference_id":"1860340","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860340"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14396"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rb8e-gsev-7kaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77690?format=json","vulnerability_id":"VCID-rqua-ax7d-w7ae","summary":"An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14398.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14398.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14398","reference_id":"","reference_type":"","scores":[{"value":"0.02271","scoring_system":"epss","scoring_elements":"0.84951","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02271","scoring_system":"epss","scoring_elements":"0.84975","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14398"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860348","reference_id":"1860348","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860348"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14398"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqua-ax7d-w7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77693?format=json","vulnerability_id":"VCID-t4ke-zyfm-nqd3","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14401","reference_id":"","reference_type":"","scores":[{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80062","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01299","scoring_system":"epss","scoring_elements":"0.80088","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14401"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860364","reference_id":"1860364","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860364"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14401"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4ke-zyfm-nqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77684?format=json","vulnerability_id":"VCID-uv5b-pus6-afa9","summary":"LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15690.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15690","reference_id":"","reference_type":"","scores":[{"value":"0.04329","scoring_system":"epss","scoring_elements":"0.89097","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04329","scoring_system":"epss","scoring_elements":"0.89114","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15690"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811948","reference_id":"1811948","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1811948"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163","reference_id":"954163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163"},{"reference_url":"https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/","reference_id":"klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-24T18:22:46Z/"}],"url":"https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0913","reference_id":"RHSA-2020:0913","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0920","reference_id":"RHSA-2020:0920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0921","reference_id":"RHSA-2020:0921","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0921"},{"reference_url":"https://usn.ubuntu.com/4407-1/","reference_id":"USN-4407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4407-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2019-15690"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5b-pus6-afa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77699?format=json","vulnerability_id":"VCID-uw43-p37a-syec","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14404","reference_id":"","reference_type":"","scores":[{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.80295","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01332","scoring_system":"epss","scoring_elements":"0.8032","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860337","reference_id":"1860337","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860337"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14404"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uw43-p37a-syec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77700?format=json","vulnerability_id":"VCID-vdnw-c2k8-pfdy","summary":"An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14405.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14405","reference_id":"","reference_type":"","scores":[{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80763","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01401","scoring_system":"epss","scoring_elements":"0.80791","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14405"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860325","reference_id":"1860325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1811","reference_id":"RHSA-2021:1811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1811"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14405"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdnw-c2k8-pfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4664?format=json","vulnerability_id":"VCID-xjak-aj11-5ugb","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9942.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9942.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9942","reference_id":"","reference_type":"","scores":[{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82431","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410168","reference_id":"1410168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850008","reference_id":"850008","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850008"},{"reference_url":"https://security.archlinux.org/ASA-201701-20","reference_id":"ASA-201701-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-20"},{"reference_url":"https://security.archlinux.org/AVG-124","reference_id":"AVG-124","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-124"},{"reference_url":"https://security.gentoo.org/glsa/201702-24","reference_id":"GLSA-201702-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-24"},{"reference_url":"https://usn.ubuntu.com/3171-1/","reference_id":"USN-3171-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3171-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2016-9942"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjak-aj11-5ugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77682?format=json","vulnerability_id":"VCID-ykkk-3xmt-d7g7","summary":"LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15681.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15681.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15681","reference_id":"","reference_type":"","scores":[{"value":"0.0937","scoring_system":"epss","scoring_elements":"0.9293","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0937","scoring_system":"epss","scoring_elements":"0.92941","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15681"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1854761","reference_id":"1854761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1854761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793","reference_id":"943793","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784","reference_id":"945784","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784"},{"reference_url":"https://usn.ubuntu.com/4407-1/","reference_id":"USN-4407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4407-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2019-15681"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkk-3xmt-d7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77692?format=json","vulnerability_id":"VCID-yzge-5eyr-3kc8","summary":"An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14400.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14400","reference_id":"","reference_type":"","scores":[{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85524","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02462","scoring_system":"epss","scoring_elements":"0.85547","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14400"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860361","reference_id":"1860361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860361"},{"reference_url":"https://usn.ubuntu.com/4434-1/","reference_id":"USN-4434-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4434-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509716?format=json","purl":"pkg:deb/debian/libvncserver@0.9.13%2Bdfsg-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gt-w9qk-a3ac"},{"vulnerability":"VCID-878j-2fje-33c9"},{"vulnerability":"VCID-znxq-kbyc-h7cd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.13%252Bdfsg-2%252Bdeb11u1"}],"aliases":["CVE-2020-14400"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzge-5eyr-3kc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77672?format=json","vulnerability_id":"VCID-zy7m-4sfy-1fad","summary":"LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20023.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20023","reference_id":"","reference_type":"","scores":[{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75324","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75353","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661128","reference_id":"1661128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661128"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941","reference_id":"916941","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941"},{"reference_url":"https://security.gentoo.org/glsa/201908-05","reference_id":"GLSA-201908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-05"},{"reference_url":"https://usn.ubuntu.com/3877-1/","reference_id":"USN-3877-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3877-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-20023"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy7m-4sfy-1fad"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6328?format=json","vulnerability_id":"VCID-3m91-rw1t-5bh8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7225.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7225","reference_id":"","reference_type":"","scores":[{"value":"0.03304","scoring_system":"epss","scoring_elements":"0.87461","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03304","scoring_system":"epss","scoring_elements":"0.87483","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1546858","reference_id":"1546858","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1546858"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894045","reference_id":"894045","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894045"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784","reference_id":"945784","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945784"},{"reference_url":"https://security.archlinux.org/AVG-628","reference_id":"AVG-628","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-628"},{"reference_url":"https://security.gentoo.org/glsa/201908-05","reference_id":"GLSA-201908-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1055","reference_id":"RHSA-2018:1055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1055"},{"reference_url":"https://usn.ubuntu.com/3618-1/","reference_id":"USN-3618-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3618-1/"},{"reference_url":"https://usn.ubuntu.com/4547-1/","reference_id":"USN-4547-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4547-1/"},{"reference_url":"https://usn.ubuntu.com/4573-1/","reference_id":"USN-4573-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4573-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4200?format=json","purl":"pkg:deb/debian/libvncserver@0.9.9%2Bdfsg2-6.1%2Bdeb8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ws-y65t-ykbx"},{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-3m91-rw1t-5bh8"},{"vulnerability":"VCID-41xg-5knm-8udw"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-925y-k5rf-nuf3"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-9jwb-wjfy-cfgf"},{"vulnerability":"VCID-bvhy-zh6b-pkbs"},{"vulnerability":"VCID-c2a5-uma8-x7hz"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-gj1t-919b-abg3"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-hu3m-g1h4-sufg"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-jvfk-sg6j-mfhc"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-r4yj-wxr9-fub5"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-xjak-aj11-5ugb"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"},{"vulnerability":"VCID-zy7m-4sfy-1fad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg2-6.1%252Bdeb8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2018-7225"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3m91-rw1t-5bh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4665?format=json","vulnerability_id":"VCID-925y-k5rf-nuf3","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9941.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9941.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9941","reference_id":"","reference_type":"","scores":[{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82431","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410166","reference_id":"1410166","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410166"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850007","reference_id":"850007","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850007"},{"reference_url":"https://security.archlinux.org/ASA-201701-20","reference_id":"ASA-201701-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-20"},{"reference_url":"https://security.archlinux.org/AVG-124","reference_id":"AVG-124","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-124"},{"reference_url":"https://security.gentoo.org/glsa/201702-24","reference_id":"GLSA-201702-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-24"},{"reference_url":"https://usn.ubuntu.com/3171-1/","reference_id":"USN-3171-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3171-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4200?format=json","purl":"pkg:deb/debian/libvncserver@0.9.9%2Bdfsg2-6.1%2Bdeb8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ws-y65t-ykbx"},{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-3m91-rw1t-5bh8"},{"vulnerability":"VCID-41xg-5knm-8udw"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-925y-k5rf-nuf3"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-9jwb-wjfy-cfgf"},{"vulnerability":"VCID-bvhy-zh6b-pkbs"},{"vulnerability":"VCID-c2a5-uma8-x7hz"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-gj1t-919b-abg3"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-hu3m-g1h4-sufg"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-jvfk-sg6j-mfhc"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-r4yj-wxr9-fub5"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-xjak-aj11-5ugb"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"},{"vulnerability":"VCID-zy7m-4sfy-1fad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg2-6.1%252Bdeb8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2016-9941"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-925y-k5rf-nuf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4664?format=json","vulnerability_id":"VCID-xjak-aj11-5ugb","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9942.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9942.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9942","reference_id":"","reference_type":"","scores":[{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82431","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410168","reference_id":"1410168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850008","reference_id":"850008","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850008"},{"reference_url":"https://security.archlinux.org/ASA-201701-20","reference_id":"ASA-201701-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-20"},{"reference_url":"https://security.archlinux.org/AVG-124","reference_id":"AVG-124","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-124"},{"reference_url":"https://security.gentoo.org/glsa/201702-24","reference_id":"GLSA-201702-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-24"},{"reference_url":"https://usn.ubuntu.com/3171-1/","reference_id":"USN-3171-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3171-1/"},{"reference_url":"https://usn.ubuntu.com/4587-1/","reference_id":"USN-4587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4200?format=json","purl":"pkg:deb/debian/libvncserver@0.9.9%2Bdfsg2-6.1%2Bdeb8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ws-y65t-ykbx"},{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-3m91-rw1t-5bh8"},{"vulnerability":"VCID-41xg-5knm-8udw"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-925y-k5rf-nuf3"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-9jwb-wjfy-cfgf"},{"vulnerability":"VCID-bvhy-zh6b-pkbs"},{"vulnerability":"VCID-c2a5-uma8-x7hz"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-gj1t-919b-abg3"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-hu3m-g1h4-sufg"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-jvfk-sg6j-mfhc"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-r4yj-wxr9-fub5"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-xjak-aj11-5ugb"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"},{"vulnerability":"VCID-zy7m-4sfy-1fad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg2-6.1%252Bdeb8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5110?format=json","purl":"pkg:deb/debian/libvncserver@0.9.11%2Bdfsg-1.3~deb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3938-7dgh-t7fc"},{"vulnerability":"VCID-3gf3-zrf8-uuc5"},{"vulnerability":"VCID-5q7x-qej6-skap"},{"vulnerability":"VCID-72vg-qxu9-nkfy"},{"vulnerability":"VCID-8hw6-pgk7-u3aq"},{"vulnerability":"VCID-9d78-wqhh-pbcn"},{"vulnerability":"VCID-du17-2h7q-tbdw"},{"vulnerability":"VCID-eks9-j9wf-q7cn"},{"vulnerability":"VCID-fj5x-gk5u-9fcy"},{"vulnerability":"VCID-hh4x-d9pd-ebe4"},{"vulnerability":"VCID-j4zz-yk4y-y7ds"},{"vulnerability":"VCID-jn8p-cbaf-uqc7"},{"vulnerability":"VCID-kt63-8u88-wkam"},{"vulnerability":"VCID-rb8e-gsev-7kaw"},{"vulnerability":"VCID-rqua-ax7d-w7ae"},{"vulnerability":"VCID-t4ke-zyfm-nqd3"},{"vulnerability":"VCID-uv5b-pus6-afa9"},{"vulnerability":"VCID-uw43-p37a-syec"},{"vulnerability":"VCID-vdnw-c2k8-pfdy"},{"vulnerability":"VCID-ykkk-3xmt-d7g7"},{"vulnerability":"VCID-yzge-5eyr-3kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.11%252Bdfsg-1.3~deb9u4"}],"aliases":["CVE-2016-9942"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjak-aj11-5ugb"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvncserver@0.9.9%252Bdfsg2-6.1%252Bdeb8u3"}