Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
Typeapk
Namespacealpine
Nameopenssh
Version7.4_p1-r0
Qualifiers
arch armv7
distroversion v3.11
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version7.5_p1-r8
Latest_non_vulnerable_version8.1_p1-r1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dk46-7un2-z3bw
vulnerability_id VCID-dk46-7un2-z3bw
summary Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10009.json
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10009.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10009
reference_id
reference_type
scores
0
value 0.01579
scoring_system epss
scoring_elements 0.81934
published_at 2026-06-08T12:55:00Z
1
value 0.01579
scoring_system epss
scoring_elements 0.81941
published_at 2026-06-07T12:55:00Z
2
value 0.01579
scoring_system epss
scoring_elements 0.81939
published_at 2026-06-05T12:55:00Z
3
value 0.01579
scoring_system epss
scoring_elements 0.81905
published_at 2026-06-04T12:55:00Z
4
value 0.01579
scoring_system epss
scoring_elements 0.8194
published_at 2026-06-06T12:55:00Z
5
value 0.01579
scoring_system epss
scoring_elements 0.81949
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10009
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url http://www.openwall.com/lists/oss-security/2023/07/20/1
reference_id 1
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://www.openwall.com/lists/oss-security/2023/07/20/1
5
reference_url http://www.securitytracker.com/id/1037490
reference_id 1037490
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://www.securitytracker.com/id/1037490
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1406269
reference_id 1406269
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1406269
7
reference_url http://www.openwall.com/lists/oss-security/2016/12/19/2
reference_id 2
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://www.openwall.com/lists/oss-security/2016/12/19/2
8
reference_url http://seclists.org/fulldisclosure/2023/Jul/31
reference_id 31
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://seclists.org/fulldisclosure/2023/Jul/31
9
reference_url https://usn.ubuntu.com/3538-1/
reference_id 3538-1
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://usn.ubuntu.com/3538-1/
10
reference_url https://www.exploit-db.com/exploits/40963/
reference_id 40963
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://www.exploit-db.com/exploits/40963/
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714
reference_id 848714
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714
12
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/9
reference_id 9
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://www.openwall.com/lists/oss-security/2023/07/19/9
13
reference_url https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5
reference_id 9476ce1dd37d3c3218d5640b74c34c65e5f4efe5
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5
14
reference_url http://www.securityfocus.com/bid/94968
reference_id 94968
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://www.securityfocus.com/bid/94968
15
reference_url https://security.archlinux.org/ASA-201612-20
reference_id ASA-201612-20
reference_type
scores
url https://security.archlinux.org/ASA-201612-20
16
reference_url https://security.archlinux.org/AVG-110
reference_id AVG-110
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-110
17
reference_url https://bugs.chromium.org/p/project-zero/issues/detail?id=1009
reference_id CVE-2016-10009
reference_type exploit
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://bugs.chromium.org/p/project-zero/issues/detail?id=1009
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40963.txt
reference_id CVE-2016-10009
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40963.txt
19
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
reference_id display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
20
reference_url https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
reference_id FreeBSD-SA-17:01.openssh.asc
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
21
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
reference_id msg00010.html
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
22
reference_url https://security.netapp.com/advisory/ntap-20171130-0002/
reference_id ntap-20171130-0002
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://security.netapp.com/advisory/ntap-20171130-0002/
23
reference_url http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html
reference_id OpenSSH-Arbitrary-Library-Loading.html
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html
24
reference_url http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
reference_id OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
25
reference_url https://www.openssh.com/txt/release-7.4
reference_id release-7.4
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://www.openssh.com/txt/release-7.4
26
reference_url https://access.redhat.com/errata/RHSA-2017:2029
reference_id RHSA-2017:2029
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://access.redhat.com/errata/RHSA-2017:2029
27
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
reference_id ssa-412672.pdf
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
28
reference_url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
reference_id viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:23:45Z/
url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
fixed_packages
0
url pkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
purl pkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@7.4_p1-r0%3Farch=armv7&distroversion=v3.11&reponame=main
aliases CVE-2016-10009
risk_score 10.0
exploitability 2.0
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk46-7un2-z3bw
1
url VCID-gpxr-fhh7-ubcm
vulnerability_id VCID-gpxr-fhh7-ubcm
summary sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10010.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10010.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10010
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.24871
published_at 2026-06-09T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.24893
published_at 2026-06-04T12:55:00Z
2
value 0.00087
scoring_system epss
scoring_elements 0.24988
published_at 2026-06-05T12:55:00Z
3
value 0.00087
scoring_system epss
scoring_elements 0.24976
published_at 2026-06-06T12:55:00Z
4
value 0.00087
scoring_system epss
scoring_elements 0.24921
published_at 2026-06-07T12:55:00Z
5
value 0.00087
scoring_system epss
scoring_elements 0.24862
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10010
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:C/I:C/A:C
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url http://www.securitytracker.com/id/1037490
reference_id 1037490
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url http://www.securitytracker.com/id/1037490
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1406278
reference_id 1406278
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1406278
6
reference_url http://www.openwall.com/lists/oss-security/2016/12/19/2
reference_id 2
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url http://www.openwall.com/lists/oss-security/2016/12/19/2
7
reference_url https://www.exploit-db.com/exploits/40962/
reference_id 40962
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url https://www.exploit-db.com/exploits/40962/
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848715
reference_id 848715
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848715
9
reference_url http://www.securityfocus.com/bid/94972
reference_id 94972
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url http://www.securityfocus.com/bid/94972
10
reference_url https://security.archlinux.org/ASA-201612-20
reference_id ASA-201612-20
reference_type
scores
url https://security.archlinux.org/ASA-201612-20
11
reference_url https://security.archlinux.org/AVG-110
reference_id AVG-110
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-110
12
reference_url https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce
reference_id c76fac666ea038753294f2ac94d310f8adece9ce
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce
13
reference_url https://bugs.chromium.org/p/project-zero/issues/detail?id=1010
reference_id CVE-2016-10010
reference_type exploit
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url https://bugs.chromium.org/p/project-zero/issues/detail?id=1010
14
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40962.txt
reference_id CVE-2016-10010
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40962.txt
15
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
reference_id display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
16
reference_url https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
reference_id FreeBSD-SA-17:01.openssh.asc
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
17
reference_url https://security.netapp.com/advisory/ntap-20171130-0002/
reference_id ntap-20171130-0002
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url https://security.netapp.com/advisory/ntap-20171130-0002/
18
reference_url http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html
reference_id OpenSSH-Local-Privilege-Escalation.html
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html
19
reference_url https://www.openssh.com/txt/release-7.4
reference_id release-7.4
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url https://www.openssh.com/txt/release-7.4
20
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
reference_id ssa-412672.pdf
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
21
reference_url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
reference_id viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-29T20:22:39Z/
url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
fixed_packages
0
url pkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
purl pkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@7.4_p1-r0%3Farch=armv7&distroversion=v3.11&reponame=main
aliases CVE-2016-10010
risk_score 10.0
exploitability 2.0
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gpxr-fhh7-ubcm
2
url VCID-jpff-x78s-nkhw
vulnerability_id VCID-jpff-x78s-nkhw
summary authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10011.json
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10011.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10011
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03033
published_at 2026-06-04T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.0316
published_at 2026-06-09T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03186
published_at 2026-06-08T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03205
published_at 2026-06-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03052
published_at 2026-06-06T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03044
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10011
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 1
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url http://www.securitytracker.com/id/1037490
reference_id 1037490
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url http://www.securitytracker.com/id/1037490
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1406286
reference_id 1406286
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1406286
6
reference_url http://www.openwall.com/lists/oss-security/2016/12/19/2
reference_id 2
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url http://www.openwall.com/lists/oss-security/2016/12/19/2
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716
reference_id 848716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716
8
reference_url http://www.securityfocus.com/bid/94977
reference_id 94977
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url http://www.securityfocus.com/bid/94977
9
reference_url https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9
reference_id ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9
10
reference_url https://security.archlinux.org/ASA-201612-20
reference_id ASA-201612-20
reference_type
scores
url https://security.archlinux.org/ASA-201612-20
11
reference_url https://security.archlinux.org/AVG-110
reference_id AVG-110
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-110
12
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
reference_id display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
13
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
reference_id msg00010.html
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
14
reference_url https://security.netapp.com/advisory/ntap-20171130-0002/
reference_id ntap-20171130-0002
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url https://security.netapp.com/advisory/ntap-20171130-0002/
15
reference_url https://www.openssh.com/txt/release-7.4
reference_id release-7.4
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url https://www.openssh.com/txt/release-7.4
16
reference_url https://access.redhat.com/errata/RHSA-2017:2029
reference_id RHSA-2017:2029
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url https://access.redhat.com/errata/RHSA-2017:2029
17
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
reference_id ssa-412672.pdf
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
18
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
reference_id ssa-676336.pdf
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
19
reference_url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
reference_id viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:19:02Z/
url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
fixed_packages
0
url pkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
purl pkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@7.4_p1-r0%3Farch=armv7&distroversion=v3.11&reponame=main
aliases CVE-2016-10011
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jpff-x78s-nkhw
3
url VCID-zm3p-3m17-47cy
vulnerability_id VCID-zm3p-3m17-47cy
summary The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10012.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10012.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10012
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06419
published_at 2026-06-09T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06446
published_at 2026-06-04T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06475
published_at 2026-06-05T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06467
published_at 2026-06-06T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.06458
published_at 2026-06-07T12:55:00Z
5
value 0.00022
scoring_system epss
scoring_elements 0.06411
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10012
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:S/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url http://www.securitytracker.com/id/1037490
reference_id 1037490
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url http://www.securitytracker.com/id/1037490
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1406293
reference_id 1406293
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1406293
6
reference_url http://www.openwall.com/lists/oss-security/2016/12/19/2
reference_id 2
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url http://www.openwall.com/lists/oss-security/2016/12/19/2
7
reference_url https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9
reference_id 3095060f479b86288e31c79ecbc5131a66bcd2f9
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717
reference_id 848717
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717
9
reference_url http://www.securityfocus.com/bid/94975
reference_id 94975
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url http://www.securityfocus.com/bid/94975
10
reference_url https://security.archlinux.org/ASA-201612-20
reference_id ASA-201612-20
reference_type
scores
url https://security.archlinux.org/ASA-201612-20
11
reference_url https://security.archlinux.org/AVG-110
reference_id AVG-110
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-110
12
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
reference_id display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
13
reference_url https://support.f5.com/csp/article/K62201745?utm_source=f5support&amp%3Butm_medium=RSS
reference_id K62201745?utm_source=f5support&amp%3Butm_medium=RSS
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url https://support.f5.com/csp/article/K62201745?utm_source=f5support&amp%3Butm_medium=RSS
14
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
reference_id msg00010.html
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
15
reference_url https://security.netapp.com/advisory/ntap-20171130-0002/
reference_id ntap-20171130-0002
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url https://security.netapp.com/advisory/ntap-20171130-0002/
16
reference_url https://www.openssh.com/txt/release-7.4
reference_id release-7.4
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url https://www.openssh.com/txt/release-7.4
17
reference_url https://access.redhat.com/errata/RHSA-2017:2029
reference_id RHSA-2017:2029
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url https://access.redhat.com/errata/RHSA-2017:2029
18
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
reference_id ssa-412672.pdf
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
19
reference_url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
reference_id viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-30T19:00:16Z/
url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
fixed_packages
0
url pkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
purl pkg:apk/alpine/openssh@7.4_p1-r0?arch=armv7&distroversion=v3.11&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@7.4_p1-r0%3Farch=armv7&distroversion=v3.11&reponame=main
aliases CVE-2016-10012
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zm3p-3m17-47cy
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssh@7.4_p1-r0%3Farch=armv7&distroversion=v3.11&reponame=main