{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","type":"deb","namespace":"debian","name":"heimdal","version":"7.8.git20221117.28daf24+dfsg-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"7.8.git20221117.28daf24+dfsg-9+deb13u1","latest_non_vulnerable_version":"7.8.git20221117.28daf24+dfsg-11","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167718?format=json","vulnerability_id":"VCID-1gcm-98cr-c3cw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17439","reference_id":"","reference_type":"","scores":[{"value":"0.03783","scoring_system":"epss","scoring_elements":"0.8833","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03783","scoring_system":"epss","scoring_elements":"0.8837","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17439"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144","reference_id":"878144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45068?format=json","purl":"pkg:deb/debian/heimdal@7.5.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.5.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2017-17439"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gcm-98cr-c3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9820?format=json","vulnerability_id":"VCID-361t-p67d-pqd2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3671.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3671.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3671","reference_id":"","reference_type":"","scores":[{"value":"0.05139","scoring_system":"epss","scoring_elements":"0.90082","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05139","scoring_system":"epss","scoring_elements":"0.90113","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2013080","reference_id":"2013080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2013080"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996586","reference_id":"996586","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996586"},{"reference_url":"https://security.archlinux.org/AVG-2418","reference_id":"AVG-2418","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2418"},{"reference_url":"https://usn.ubuntu.com/5142-1/","reference_id":"USN-5142-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5142-1/"},{"reference_url":"https://usn.ubuntu.com/5174-1/","reference_id":"USN-5174-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5174-1/"},{"reference_url":"https://usn.ubuntu.com/5675-1/","reference_id":"USN-5675-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5675-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45076?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45075?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2021-3671"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-361t-p67d-pqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199700?format=json","vulnerability_id":"VCID-392m-qtvh-aqd2","summary":"k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0434","reference_id":"","reference_type":"","scores":[{"value":"0.22372","scoring_system":"epss","scoring_elements":"0.95952","published_at":"2026-06-11T12:55:00Z"},{"value":"0.22372","scoring_system":"epss","scoring_elements":"0.95965","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0434"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45040?format=json","purl":"pkg:deb/debian/heimdal@0.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2004-0434"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-392m-qtvh-aqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155024?format=json","vulnerability_id":"VCID-4agr-d5wr-r3fn","summary":"Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44758","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57915","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187","reference_id":"1024187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187"},{"reference_url":"https://security.gentoo.org/glsa/202310-06","reference_id":"202310-06","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/"}],"url":"https://security.gentoo.org/glsa/202310-06"},{"reference_url":"https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580","reference_id":"f9ec7002cdd526ae84fbacbf153162e118f22580","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/"}],"url":"https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"},{"reference_url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv","reference_id":"GHSA-69h9-669w-88xv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-14T15:56:38Z/"}],"url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"},{"reference_url":"https://usn.ubuntu.com/5800-1/","reference_id":"USN-5800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5800-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45076?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45077?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2021-44758"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4agr-d5wr-r3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200005?format=json","vulnerability_id":"VCID-52qy-5xsz-pub4","summary":"Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0469.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0469","reference_id":"","reference_type":"","scores":[{"value":"0.4782","scoring_system":"epss","scoring_elements":"0.97781","published_at":"2026-06-11T12:55:00Z"},{"value":"0.4782","scoring_system":"epss","scoring_elements":"0.9779","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0469"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617528","reference_id":"1617528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302036","reference_id":"302036","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:327","reference_id":"RHSA-2005:327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:330","reference_id":"RHSA-2005:330","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:330"},{"reference_url":"https://usn.ubuntu.com/101-1/","reference_id":"USN-101-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/101-1/"},{"reference_url":"https://usn.ubuntu.com/224-1/","reference_id":"USN-224-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/224-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45041?format=json","purl":"pkg:deb/debian/heimdal@0.6.3-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.6.3-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2005-0469"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52qy-5xsz-pub4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126514?format=json","vulnerability_id":"VCID-5f77-bhvp-hbhg","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11103.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11103.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11103","reference_id":"","reference_type":"","scores":[{"value":"0.05637","scoring_system":"epss","scoring_elements":"0.90555","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05637","scoring_system":"epss","scoring_elements":"0.90585","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1469976","reference_id":"1469976","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1469976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868208","reference_id":"868208","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868208"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868209","reference_id":"868209","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868209"},{"reference_url":"https://usn.ubuntu.com/3353-1/","reference_id":"USN-3353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3353-1/"},{"reference_url":"https://usn.ubuntu.com/3353-2/","reference_id":"USN-3353-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3353-2/"},{"reference_url":"https://usn.ubuntu.com/3353-3/","reference_id":"USN-3353-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3353-3/"},{"reference_url":"https://usn.ubuntu.com/3353-4/","reference_id":"USN-3353-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3353-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45065?format=json","purl":"pkg:deb/debian/heimdal@7.4.0.dfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.4.0.dfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2017-11103"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f77-bhvp-hbhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199681?format=json","vulnerability_id":"VCID-5jg8-n4q3-1ka2","summary":"Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0371","reference_id":"","reference_type":"","scores":[{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76494","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76564","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45039?format=json","purl":"pkg:deb/debian/heimdal@0.6.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.6.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2004-0371"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jg8-n4q3-1ka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/216566?format=json","vulnerability_id":"VCID-6hk4-aedp-j7cc","summary":"The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username.  NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5939","reference_id":"","reference_type":"","scores":[{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82469","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.8253","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5939"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45062?format=json","purl":"pkg:deb/debian/heimdal@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2007-5939"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hk4-aedp-j7cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205218?format=json","vulnerability_id":"VCID-6x95-texh-r7cr","summary":"The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6594","reference_id":"","reference_type":"","scores":[{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42433","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00204","scoring_system":"epss","scoring_elements":"0.42596","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6594"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45072?format=json","purl":"pkg:deb/debian/heimdal@7.1.0%2Bdfsg-12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.1.0%252Bdfsg-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2017-6594"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6x95-texh-r7cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172509?format=json","vulnerability_id":"VCID-8rf7-rdze-6fce","summary":"Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41916","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55713","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55832","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187","reference_id":"1024187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187"},{"reference_url":"https://security.gentoo.org/glsa/202310-06","reference_id":"202310-06","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/"}],"url":"https://security.gentoo.org/glsa/202310-06"},{"reference_url":"https://www.debian.org/security/2022/dsa-5287","reference_id":"dsa-5287","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/"}],"url":"https://www.debian.org/security/2022/dsa-5287"},{"reference_url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx","reference_id":"GHSA-mgqr-gvh6-23cx","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/"}],"url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230216-0008/","reference_id":"ntap-20230216-0008","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230216-0008/"},{"reference_url":"https://usn.ubuntu.com/5766-1/","reference_id":"USN-5766-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5766-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45076?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45077?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2022-41916"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rf7-rdze-6fce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/184313?format=json","vulnerability_id":"VCID-c39e-2rtv-mfbg","summary":"An error in the rshd daemon of Heimdal could allow authenticated users to\n    elevate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0582","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2704","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27244","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0582"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0582","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0582"},{"reference_url":"https://security.gentoo.org/glsa/200603-14","reference_id":"GLSA-200603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200603-14"},{"reference_url":"https://usn.ubuntu.com/247-1/","reference_id":"USN-247-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/247-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45054?format=json","purl":"pkg:deb/debian/heimdal@0.7.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.7.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2006-0582"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c39e-2rtv-mfbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199509?format=json","vulnerability_id":"VCID-e5n1-g4p8-g7ec","summary":"Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0138.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0138","reference_id":"","reference_type":"","scores":[{"value":"0.05644","scoring_system":"epss","scoring_elements":"0.90561","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05644","scoring_system":"epss","scoring_elements":"0.90591","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0138"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0138"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616981","reference_id":"1616981","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:051","reference_id":"RHSA-2003:051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:052","reference_id":"RHSA-2003:052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:091","reference_id":"RHSA-2003:091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:168","reference_id":"RHSA-2003:168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:168"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45031?format=json","purl":"pkg:deb/debian/heimdal@0.5.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.5.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2003-0138"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5n1-g4p8-g7ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/164381?format=json","vulnerability_id":"VCID-egvq-zduv-d7ej","summary":"Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44640","reference_id":"","reference_type":"","scores":[{"value":"0.01611","scoring_system":"epss","scoring_elements":"0.82179","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01611","scoring_system":"epss","scoring_elements":"0.82241","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-44640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187","reference_id":"1024187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187"},{"reference_url":"https://security.gentoo.org/glsa/202310-06","reference_id":"202310-06","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T13:20:08Z/"}],"url":"https://security.gentoo.org/glsa/202310-06"},{"reference_url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4","reference_id":"GHSA-88pm-hfmq-7vv4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T13:20:08Z/"}],"url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230216-0008/","reference_id":"ntap-20230216-0008","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T13:20:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230216-0008/"},{"reference_url":"https://usn.ubuntu.com/5800-1/","reference_id":"USN-5800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5800-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45076?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45077?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2022-44640"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egvq-zduv-d7ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199405?format=json","vulnerability_id":"VCID-f8vw-u41e-2ye8","summary":"Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1225","reference_id":"","reference_type":"","scores":[{"value":"0.01481","scoring_system":"epss","scoring_elements":"0.81405","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01481","scoring_system":"epss","scoring_elements":"0.81465","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1225"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45026?format=json","purl":"pkg:deb/debian/heimdal@0.4e-21?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.4e-21%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2002-1225"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8vw-u41e-2ye8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12129?format=json","vulnerability_id":"VCID-fuvt-1758-eyen","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3437.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3437.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3437","reference_id":"","reference_type":"","scores":[{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.73154","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.73076","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34967"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4091"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/02/08/1","reference_id":"1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T18:53:20Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/02/08/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187","reference_id":"1024187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187"},{"reference_url":"https://security.gentoo.org/glsa/202309-06","reference_id":"202309-06","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T18:53:20Z/"}],"url":"https://security.gentoo.org/glsa/202309-06"},{"reference_url":"https://security.gentoo.org/glsa/202310-06","reference_id":"202310-06","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T18:53:20Z/"}],"url":"https://security.gentoo.org/glsa/202310-06"},{"reference_url":"https://security.archlinux.org/AVG-2828","reference_id":"AVG-2828","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2828"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3437","reference_id":"CVE-2022-3437","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T18:53:20Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3437"},{"reference_url":"https://www.samba.org/samba/security/CVE-2022-3437.html","reference_id":"CVE-2022-3437.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T18:53:20Z/"}],"url":"https://www.samba.org/samba/security/CVE-2022-3437.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T18:53:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230216-0008/","reference_id":"ntap-20230216-0008","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T18:53:20Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230216-0008/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137774","reference_id":"show_bug.cgi?id=2137774","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T18:53:20Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137774"},{"reference_url":"https://usn.ubuntu.com/5800-1/","reference_id":"USN-5800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5800-1/"},{"reference_url":"https://usn.ubuntu.com/5822-1/","reference_id":"USN-5822-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5822-1/"},{"reference_url":"https://usn.ubuntu.com/5936-1/","reference_id":"USN-5936-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5936-1/"},{"reference_url":"https://usn.ubuntu.com/7582-1/","reference_id":"USN-7582-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7582-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45076?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45077?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2022-3437"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuvt-1758-eyen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199409?format=json","vulnerability_id":"VCID-g33w-r92p-p3f6","summary":"The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1235.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1235.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1235","reference_id":"","reference_type":"","scores":[{"value":"0.32917","scoring_system":"epss","scoring_elements":"0.97001","published_at":"2026-06-11T12:55:00Z"},{"value":"0.32917","scoring_system":"epss","scoring_elements":"0.9701","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616862","reference_id":"1616862","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2002:242","reference_id":"RHSA-2002:242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2002:242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2002:250","reference_id":"RHSA-2002:250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2002:250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:168","reference_id":"RHSA-2003:168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:168"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45030?format=json","purl":"pkg:deb/debian/heimdal@0.4e-22?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.4e-22%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2002-1235"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g33w-r92p-p3f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5001?format=json","vulnerability_id":"VCID-juw5-yd6g-fuf5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16860.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16860.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16860","reference_id":"","reference_type":"","scores":[{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.7907","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.79135","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12098"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705877","reference_id":"1705877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928966","reference_id":"928966","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928966"},{"reference_url":"https://usn.ubuntu.com/3976-1/","reference_id":"USN-3976-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3976-1/"},{"reference_url":"https://usn.ubuntu.com/3976-2/","reference_id":"USN-3976-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3976-2/"},{"reference_url":"https://usn.ubuntu.com/5675-1/","reference_id":"USN-5675-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5675-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:deb/debian/heimdal@7.5.0%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.5.0%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2018-16860"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-juw5-yd6g-fuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/161628?format=json","vulnerability_id":"VCID-kz9c-xx6q-3bfx","summary":"In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12098","reference_id":"","reference_type":"","scores":[{"value":"0.02118","scoring_system":"epss","scoring_elements":"0.84549","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02118","scoring_system":"epss","scoring_elements":"0.84494","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12098"},{"reference_url":"http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html","reference_id":"000009.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/1","reference_id":"1","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"https://seclists.org/bugtraq/2019/Jun/1"},{"reference_url":"https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf","reference_id":"2f7f3d9960aa6ea21358bdf3687cee5149aa35cf","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf"},{"reference_url":"https://github.com/heimdal/heimdal/compare/3e58559...bbafe72","reference_id":"3e58559...bbafe72","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"https://github.com/heimdal/heimdal/compare/3e58559...bbafe72"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929064","reference_id":"929064","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929064"},{"reference_url":"https://www.debian.org/security/2019/dsa-4455","reference_id":"dsa-4455","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"https://www.debian.org/security/2019/dsa-4455"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/","reference_id":"GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/"},{"reference_url":"https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0","reference_id":"heimdal-7.6.0","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/","reference_id":"SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:49:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/"},{"reference_url":"https://usn.ubuntu.com/5675-1/","reference_id":"USN-5675-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5675-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45073?format=json","purl":"pkg:deb/debian/heimdal@7.5.0%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.5.0%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2019-12098"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kz9c-xx6q-3bfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165753?format=json","vulnerability_id":"VCID-se3r-jg36-aydy","summary":"The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45142.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45142","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25197","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25395","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45142"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/02/08/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:20:44Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/02/08/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030849","reference_id":"1030849","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030849"},{"reference_url":"https://security.gentoo.org/glsa/202310-06","reference_id":"202310-06","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T20:20:44Z/"}],"url":"https://security.gentoo.org/glsa/202310-06"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166672","reference_id":"2166672","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166672"},{"reference_url":"https://usn.ubuntu.com/5849-1/","reference_id":"USN-5849-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5849-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45115?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2022-45142"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-se3r-jg36-aydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12514?format=json","vulnerability_id":"VCID-sfbg-vws5-4bff","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42898","reference_id":"","reference_type":"","scores":[{"value":"0.10832","scoring_system":"epss","scoring_elements":"0.9355","published_at":"2026-06-12T12:55:00Z"},{"value":"0.10832","scoring_system":"epss","scoring_elements":"0.93529","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187","reference_id":"1024187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267","reference_id":"1024267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267"},{"reference_url":"https://security.gentoo.org/glsa/202309-06","reference_id":"202309-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.gentoo.org/glsa/202309-06"},{"reference_url":"https://security.gentoo.org/glsa/202310-06","reference_id":"202310-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.gentoo.org/glsa/202310-06"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140960","reference_id":"2140960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140960"},{"reference_url":"https://web.mit.edu/kerberos/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/advisories/"},{"reference_url":"https://security.archlinux.org/AVG-2828","reference_id":"AVG-2828","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2828"},{"reference_url":"https://www.samba.org/samba/security/CVE-2022-42898.html","reference_id":"CVE-2022-42898.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://www.samba.org/samba/security/CVE-2022-42898.html"},{"reference_url":"https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583","reference_id":"ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"},{"reference_url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c","reference_id":"GHSA-64mq-fvfj-5x3c","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://web.mit.edu/kerberos/krb5-1.19/","reference_id":"krb5-1.19","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/krb5-1.19/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230216-0008/","reference_id":"ntap-20230216-0008","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230216-0008/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230223-0001/","reference_id":"ntap-20230223-0001","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230223-0001/"},{"reference_url":"https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt","reference_id":"README-1.20.1.txt","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8637","reference_id":"RHSA-2022:8637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8638","reference_id":"RHSA-2022:8638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8639","reference_id":"RHSA-2022:8639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8640","reference_id":"RHSA-2022:8640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8641","reference_id":"RHSA-2022:8641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8648","reference_id":"RHSA-2022:8648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8662","reference_id":"RHSA-2022:8662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8663","reference_id":"RHSA-2022:8663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8669","reference_id":"RHSA-2022:8669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9029","reference_id":"RHSA-2022:9029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9029"},{"reference_url":"https://bugzilla.samba.org/show_bug.cgi?id=15203","reference_id":"show_bug.cgi?id=15203","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://bugzilla.samba.org/show_bug.cgi?id=15203"},{"reference_url":"https://usn.ubuntu.com/5800-1/","reference_id":"USN-5800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5800-1/"},{"reference_url":"https://usn.ubuntu.com/5822-1/","reference_id":"USN-5822-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5822-1/"},{"reference_url":"https://usn.ubuntu.com/5828-1/","reference_id":"USN-5828-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5828-1/"},{"reference_url":"https://usn.ubuntu.com/5936-1/","reference_id":"USN-5936-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5936-1/"},{"reference_url":"https://usn.ubuntu.com/7582-1/","reference_id":"USN-7582-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7582-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45076?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45077?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221115.a6cf945%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2022-42898"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfbg-vws5-4bff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176618?format=json","vulnerability_id":"VCID-u797-rwv4-4fbn","summary":"A boundary error in Heimdal could result in execution of arbitrary\n    code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4862","reference_id":"","reference_type":"","scores":[{"value":"0.92585","scoring_system":"epss","scoring_elements":"0.99756","published_at":"2026-06-11T12:55:00Z"},{"value":"0.92585","scoring_system":"epss","scoring_elements":"0.99757","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770325","reference_id":"770325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770325"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/18369.rb","reference_id":"CVE-2011-4862;OSVDB-78020","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/18369.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18280.c","reference_id":"CVE-2011-4862;OSVDB-78020","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18280.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18368.rb","reference_id":"CVE-2011-4862;OSVDB-78020","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18368.rb"},{"reference_url":"https://security.gentoo.org/glsa/201201-14","reference_id":"GLSA-201201-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-14"},{"reference_url":"https://security.gentoo.org/glsa/201202-05","reference_id":"GLSA-201202-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1851","reference_id":"RHSA-2011:1851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1852","reference_id":"RHSA-2011:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1853","reference_id":"RHSA-2011:1853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1854","reference_id":"RHSA-2011:1854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45064?format=json","purl":"pkg:deb/debian/heimdal@1.5.dfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@1.5.dfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2011-4862"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u797-rwv4-4fbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6389?format=json","vulnerability_id":"VCID-uba4-t2yd-qqhb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14870.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14870","reference_id":"","reference_type":"","scores":[{"value":"0.04669","scoring_system":"epss","scoring_elements":"0.8956","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04669","scoring_system":"epss","scoring_elements":"0.89595","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1778589","reference_id":"1778589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1778589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946786","reference_id":"946786","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946786"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45074?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2019-14870"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uba4-t2yd-qqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199406?format=json","vulnerability_id":"VCID-vj35-sjmt-syhy","summary":"Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1226","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62321","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62422","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1226"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45026?format=json","purl":"pkg:deb/debian/heimdal@0.4e-21?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.4e-21%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2002-1226"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vj35-sjmt-syhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200319?format=json","vulnerability_id":"VCID-w168-hkt7-mufh","summary":"telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0677","reference_id":"","reference_type":"","scores":[{"value":"0.07878","scoring_system":"epss","scoring_elements":"0.92202","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07878","scoring_system":"epss","scoring_elements":"0.92228","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-0677"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0677","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0677"},{"reference_url":"https://usn.ubuntu.com/253-1/","reference_id":"USN-253-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/253-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45054?format=json","purl":"pkg:deb/debian/heimdal@0.7.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.7.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2006-0677"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w168-hkt7-mufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/186080?format=json","vulnerability_id":"VCID-w4hp-sa3w-3qg1","summary":"Multiple vulnerabilities have been found in MIT Kerberos 5, the\n    most severe of which may allow remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1321.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1321.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1321","reference_id":"","reference_type":"","scores":[{"value":"0.01857","scoring_system":"epss","scoring_elements":"0.83453","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01857","scoring_system":"epss","scoring_elements":"0.83513","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261","reference_id":"582261","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=582466","reference_id":"582466","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=582466"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0423","reference_id":"RHSA-2010:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0873","reference_id":"RHSA-2010:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0935","reference_id":"RHSA-2010:0935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0152","reference_id":"RHSA-2011:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0152"},{"reference_url":"https://usn.ubuntu.com/940-1/","reference_id":"USN-940-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/940-1/"},{"reference_url":"https://usn.ubuntu.com/940-2/","reference_id":"USN-940-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/940-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45063?format=json","purl":"pkg:deb/debian/heimdal@1.4.0~git20100605.dfsg.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@1.4.0~git20100605.dfsg.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2010-1321"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4hp-sa3w-3qg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200119?format=json","vulnerability_id":"VCID-yhnv-8ywf-nubj","summary":"Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2040","reference_id":"","reference_type":"","scores":[{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.84106","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.84163","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2040"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315065","reference_id":"315065","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315065"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45043?format=json","purl":"pkg:deb/debian/heimdal@0.6.3-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0.6.3-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2005-2040"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhnv-8ywf-nubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11976?format=json","vulnerability_id":"VCID-yvwb-h2m5-2kd8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3116","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.65022","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64922","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.kb.cert.org/vuls/id/730793","reference_id":"730793","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:11:22Z/"}],"url":"https://www.kb.cert.org/vuls/id/730793"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0010/","reference_id":"ntap-20230505-0010","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:11:22Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230505-0010/"},{"reference_url":"https://usn.ubuntu.com/5675-1/","reference_id":"USN-5675-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5675-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45062?format=json","purl":"pkg:deb/debian/heimdal@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45027?format=json","purl":"pkg:deb/debian/heimdal@7.7.0%2Bdfsg-2%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.7.0%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45025?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45029?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-9%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-9%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45028?format=json","purl":"pkg:deb/debian/heimdal@7.8.git20221117.28daf24%2Bdfsg-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-11%3Fdistro=trixie"}],"aliases":["CVE-2022-3116"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvwb-h2m5-2kd8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/heimdal@7.8.git20221117.28daf24%252Bdfsg-2%3Fdistro=trixie"}