{"url":"http://public2.vulnerablecode.io/api/packages/4537?format=json","purl":"pkg:deb/debian/icu@2.0-2.1pre20020303-1","type":"deb","namespace":"debian","name":"icu","version":"2.0-2.1pre20020303-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"63.1-6+deb10u3","latest_non_vulnerable_version":"63.1-6+deb10u3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72698?format=json","vulnerability_id":"VCID-1937-rk84-qydq","summary":"Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2924.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2924.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2924","reference_id":"","reference_type":"","scores":[{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71785","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2928"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1014886","reference_id":"1014886","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1014886"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726477","reference_id":"726477","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726477"},{"reference_url":"https://security.gentoo.org/glsa/201402-14","reference_id":"GLSA-201402-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201402-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2013-2924"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1937-rk84-qydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72697?format=json","vulnerability_id":"VCID-3yjj-bp6d-tkab","summary":"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D.  NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font processing errors\" in the International Components for Unicode (ICU) Layout Engine before 51.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2419.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2419","reference_id":"","reference_type":"","scores":[{"value":"0.12809","scoring_system":"epss","scoring_elements":"0.94152","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=952656","reference_id":"952656","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=952656"},{"reference_url":"https://security.gentoo.org/glsa/201401-30","reference_id":"GLSA-201401-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-30"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0751","reference_id":"RHSA-2013:0751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0752","reference_id":"RHSA-2013:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0757","reference_id":"RHSA-2013:0757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0758","reference_id":"RHSA-2013:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0770","reference_id":"RHSA-2013:0770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0822","reference_id":"RHSA-2013:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0823","reference_id":"RHSA-2013:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0855","reference_id":"RHSA-2013:0855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1456","reference_id":"RHSA-2013:1456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2013-2419"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3yjj-bp6d-tkab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72707?format=json","vulnerability_id":"VCID-562t-my7q-fkhk","summary":"The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9654.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9654","reference_id":"","reference_type":"","scores":[{"value":"0.01671","scoring_system":"epss","scoring_elements":"0.82463","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190129","reference_id":"1190129","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1190129"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776719","reference_id":"776719","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776719"},{"reference_url":"https://security.gentoo.org/glsa/201503-06","reference_id":"GLSA-201503-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0093","reference_id":"RHSA-2015:0093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0093"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2014-9654"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-562t-my7q-fkhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72718?format=json","vulnerability_id":"VCID-6grx-g6uw-yybd","summary":"Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0494.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0494","reference_id":"","reference_type":"","scores":[{"value":"0.05634","scoring_system":"epss","scoring_elements":"0.90506","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298906","reference_id":"1298906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298906"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://security.gentoo.org/glsa/201610-08","reference_id":"GLSA-201610-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0049","reference_id":"RHSA-2016:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0050","reference_id":"RHSA-2016:0050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0053","reference_id":"RHSA-2016:0053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0054","reference_id":"RHSA-2016:0054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0055","reference_id":"RHSA-2016:0055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0056","reference_id":"RHSA-2016:0056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0057","reference_id":"RHSA-2016:0057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0067","reference_id":"RHSA-2016:0067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0098","reference_id":"RHSA-2016:0098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0099","reference_id":"RHSA-2016:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0100","reference_id":"RHSA-2016:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0101","reference_id":"RHSA-2016:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-hkbb-bc99-yqdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"}],"aliases":["CVE-2016-0494"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6grx-g6uw-yybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72712?format=json","vulnerability_id":"VCID-8ucv-hrcz-uqau","summary":"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2632.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2632.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2632","reference_id":"","reference_type":"","scores":[{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.8283","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242394","reference_id":"1242394","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242394"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://security.gentoo.org/glsa/201701-58","reference_id":"GLSA-201701-58","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1228","reference_id":"RHSA-2015:1228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1229","reference_id":"RHSA-2015:1229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1230","reference_id":"RHSA-2015:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1241","reference_id":"RHSA-2015:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1242","reference_id":"RHSA-2015:1242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1243","reference_id":"RHSA-2015:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1485","reference_id":"RHSA-2015:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1486","reference_id":"RHSA-2015:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1488","reference_id":"RHSA-2015:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1526","reference_id":"RHSA-2015:1526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1544","reference_id":"RHSA-2015:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1604","reference_id":"RHSA-2015:1604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-hkbb-bc99-yqdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"}],"aliases":["CVE-2015-2632"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ucv-hrcz-uqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4356?format=json","vulnerability_id":"VCID-9ubw-4yby-v3bp","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14952.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14952.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14952","reference_id":"","reference_type":"","scores":[{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.86698","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14952"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510930","reference_id":"1510930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510930"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878840","reference_id":"878840","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878840"},{"reference_url":"https://security.archlinux.org/ASA-201711-25","reference_id":"ASA-201711-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-25"},{"reference_url":"https://security.archlinux.org/ASA-201711-26","reference_id":"ASA-201711-26","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-26"},{"reference_url":"https://security.archlinux.org/AVG-504","reference_id":"AVG-504","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-504"},{"reference_url":"https://security.archlinux.org/AVG-507","reference_id":"AVG-507","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-507"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5830?format=json","purl":"pkg:deb/debian/icu@63.1-6%2Bdeb10u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@63.1-6%252Bdeb10u3"}],"aliases":["CVE-2017-14952"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ubw-4yby-v3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72700?format=json","vulnerability_id":"VCID-bkbn-dxg2-dqfk","summary":"Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6585.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6585","reference_id":"","reference_type":"","scores":[{"value":"0.01314","scoring_system":"epss","scoring_elements":"0.80176","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1183645","reference_id":"1183645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1183645"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776264","reference_id":"776264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776264"},{"reference_url":"https://security.gentoo.org/glsa/201507-14","reference_id":"GLSA-201507-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-14"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0067","reference_id":"RHSA-2015:0067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0068","reference_id":"RHSA-2015:0068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0069","reference_id":"RHSA-2015:0069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0079","reference_id":"RHSA-2015:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0080","reference_id":"RHSA-2015:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0085","reference_id":"RHSA-2015:0085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0085"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0086","reference_id":"RHSA-2015:0086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0133","reference_id":"RHSA-2015:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0134","reference_id":"RHSA-2015:0134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0135","reference_id":"RHSA-2015:0135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0136","reference_id":"RHSA-2015:0136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0263","reference_id":"RHSA-2015:0263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0264","reference_id":"RHSA-2015:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0264"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2014-6585"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkbn-dxg2-dqfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72693?format=json","vulnerability_id":"VCID-bvhc-8fge-9uez","summary":"Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0900.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0900","reference_id":"","reference_type":"","scores":[{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76529","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702346","reference_id":"702346","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702346"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=918167","reference_id":"918167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=918167"},{"reference_url":"https://security.gentoo.org/glsa/201309-16","reference_id":"GLSA-201309-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-16"},{"reference_url":"https://security.gentoo.org/glsa/201402-14","reference_id":"GLSA-201402-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201402-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2013-0900"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvhc-8fge-9uez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72703?format=json","vulnerability_id":"VCID-excs-dj44-yfby","summary":"The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7926.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7926.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7926","reference_id":"","reference_type":"","scores":[{"value":"0.02564","scoring_system":"epss","scoring_elements":"0.85799","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185205","reference_id":"1185205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185205"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265","reference_id":"776265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265"},{"reference_url":"https://security.gentoo.org/glsa/201502-13","reference_id":"GLSA-201502-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-13"},{"reference_url":"https://security.gentoo.org/glsa/201503-06","reference_id":"GLSA-201503-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0093","reference_id":"RHSA-2015:0093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0093"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2014-7926"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-excs-dj44-yfby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72715?format=json","vulnerability_id":"VCID-f3kd-641n-17ch","summary":"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4760.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4760","reference_id":"","reference_type":"","scores":[{"value":"0.09686","scoring_system":"epss","scoring_elements":"0.93063","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242447","reference_id":"1242447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242447"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1228","reference_id":"RHSA-2015:1228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1229","reference_id":"RHSA-2015:1229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1230","reference_id":"RHSA-2015:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1241","reference_id":"RHSA-2015:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1242","reference_id":"RHSA-2015:1242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1243","reference_id":"RHSA-2015:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1485","reference_id":"RHSA-2015:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1486","reference_id":"RHSA-2015:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1488","reference_id":"RHSA-2015:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1526","reference_id":"RHSA-2015:1526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1544","reference_id":"RHSA-2015:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1604","reference_id":"RHSA-2015:1604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-hkbb-bc99-yqdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"}],"aliases":["CVE-2015-4760"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3kd-641n-17ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72704?format=json","vulnerability_id":"VCID-fbng-2ww3-6bdu","summary":"The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7940.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7940.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7940","reference_id":"","reference_type":"","scores":[{"value":"0.02423","scoring_system":"epss","scoring_elements":"0.85412","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185220","reference_id":"1185220","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265","reference_id":"776265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265"},{"reference_url":"https://security.gentoo.org/glsa/201502-13","reference_id":"GLSA-201502-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-13"},{"reference_url":"https://security.gentoo.org/glsa/201503-06","reference_id":"GLSA-201503-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0093","reference_id":"RHSA-2015:0093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0093"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2014-7940"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbng-2ww3-6bdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4331?format=json","vulnerability_id":"VCID-hkbb-bc99-yqdd","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15422.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15422","reference_id":"","reference_type":"","scores":[{"value":"0.02598","scoring_system":"epss","scoring_elements":"0.85888","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523136","reference_id":"1523136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523136"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892766","reference_id":"892766","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892766"},{"reference_url":"https://security.archlinux.org/ASA-201712-5","reference_id":"ASA-201712-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-5"},{"reference_url":"https://security.archlinux.org/AVG-544","reference_id":"AVG-544","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3401","reference_id":"RHSA-2017:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3401"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-hkbb-bc99-yqdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-hkbb-bc99-yqdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5830?format=json","purl":"pkg:deb/debian/icu@63.1-6%2Bdeb10u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@63.1-6%252Bdeb10u3"}],"aliases":["CVE-2017-15422"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkbb-bc99-yqdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72695?format=json","vulnerability_id":"VCID-kauc-686u-jqeh","summary":"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"handling of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2383.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2383","reference_id":"","reference_type":"","scores":[{"value":"0.0562","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=952708","reference_id":"952708","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=952708"},{"reference_url":"https://security.gentoo.org/glsa/201401-30","reference_id":"GLSA-201401-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-30"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0751","reference_id":"RHSA-2013:0751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0752","reference_id":"RHSA-2013:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0757","reference_id":"RHSA-2013:0757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0758","reference_id":"RHSA-2013:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0770","reference_id":"RHSA-2013:0770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0822","reference_id":"RHSA-2013:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0823","reference_id":"RHSA-2013:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0855","reference_id":"RHSA-2013:0855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1456","reference_id":"RHSA-2013:1456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2013-2383"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kauc-686u-jqeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72706?format=json","vulnerability_id":"VCID-qwzq-dmn1-j7fy","summary":"The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8147.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8147","reference_id":"","reference_type":"","scores":[{"value":"0.41904","scoring_system":"epss","scoring_elements":"0.97501","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176200","reference_id":"1176200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176200"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773","reference_id":"784773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773"},{"reference_url":"https://security.gentoo.org/glsa/201507-04","reference_id":"GLSA-201507-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2014-8147"],"risk_score":0.8,"exploitability":"2.0","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwzq-dmn1-j7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72696?format=json","vulnerability_id":"VCID-rz8q-v7bh-9fe1","summary":"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font layout\" in the International Components for Unicode (ICU) Layout Engine before 51.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2384.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2384","reference_id":"","reference_type":"","scores":[{"value":"0.0562","scoring_system":"epss","scoring_elements":"0.90497","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=952709","reference_id":"952709","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=952709"},{"reference_url":"https://security.gentoo.org/glsa/201401-30","reference_id":"GLSA-201401-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-30"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0751","reference_id":"RHSA-2013:0751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0752","reference_id":"RHSA-2013:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0757","reference_id":"RHSA-2013:0757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0758","reference_id":"RHSA-2013:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0770","reference_id":"RHSA-2013:0770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0822","reference_id":"RHSA-2013:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0823","reference_id":"RHSA-2013:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0855","reference_id":"RHSA-2013:0855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1456","reference_id":"RHSA-2013:1456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2013-2384"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rz8q-v7bh-9fe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72694?format=json","vulnerability_id":"VCID-scv7-4fwv-vyek","summary":"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.  NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"checking of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1569.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1569.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1569","reference_id":"","reference_type":"","scores":[{"value":"0.0147","scoring_system":"epss","scoring_elements":"0.81262","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=952711","reference_id":"952711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=952711"},{"reference_url":"https://security.gentoo.org/glsa/201401-30","reference_id":"GLSA-201401-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-30"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0751","reference_id":"RHSA-2013:0751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0752","reference_id":"RHSA-2013:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0757","reference_id":"RHSA-2013:0757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0758","reference_id":"RHSA-2013:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0770","reference_id":"RHSA-2013:0770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0822","reference_id":"RHSA-2013:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0823","reference_id":"RHSA-2013:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0855","reference_id":"RHSA-2013:0855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1456","reference_id":"RHSA-2013:1456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1456"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2013-1569"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scv7-4fwv-vyek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72723?format=json","vulnerability_id":"VCID-wpkr-mbq4-ekg5","summary":"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7867.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7867","reference_id":"","reference_type":"","scores":[{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78576","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444097","reference_id":"1444097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444097"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314","reference_id":"860314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314"},{"reference_url":"https://security.gentoo.org/glsa/201710-03","reference_id":"GLSA-201710-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-hkbb-bc99-yqdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"}],"aliases":["CVE-2017-7867"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpkr-mbq4-ekg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72702?format=json","vulnerability_id":"VCID-wsen-t4x7-wuhc","summary":"The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7923.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7923.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7923","reference_id":"","reference_type":"","scores":[{"value":"0.02564","scoring_system":"epss","scoring_elements":"0.85799","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185202","reference_id":"1185202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265","reference_id":"776265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265"},{"reference_url":"https://security.gentoo.org/glsa/201502-13","reference_id":"GLSA-201502-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-13"},{"reference_url":"https://security.gentoo.org/glsa/201503-06","reference_id":"GLSA-201503-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0093","reference_id":"RHSA-2015:0093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0093"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2014-7923"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsen-t4x7-wuhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72701?format=json","vulnerability_id":"VCID-yhgb-pmpp-9uc2","summary":"Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6591.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6591.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6591","reference_id":"","reference_type":"","scores":[{"value":"0.01555","scoring_system":"epss","scoring_elements":"0.81774","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1183646","reference_id":"1183646","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1183646"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775884","reference_id":"775884","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775884"},{"reference_url":"https://security.gentoo.org/glsa/201507-14","reference_id":"GLSA-201507-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-14"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0067","reference_id":"RHSA-2015:0067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0068","reference_id":"RHSA-2015:0068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0069","reference_id":"RHSA-2015:0069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0079","reference_id":"RHSA-2015:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0080","reference_id":"RHSA-2015:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0085","reference_id":"RHSA-2015:0085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0085"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0086","reference_id":"RHSA-2015:0086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0133","reference_id":"RHSA-2015:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0134","reference_id":"RHSA-2015:0134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0135","reference_id":"RHSA-2015:0135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0136","reference_id":"RHSA-2015:0136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0263","reference_id":"RHSA-2015:0263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0264","reference_id":"RHSA-2015:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0264"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2014-6591"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhgb-pmpp-9uc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72705?format=json","vulnerability_id":"VCID-zkex-ss5h-5ke5","summary":"The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8146.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8146","reference_id":"","reference_type":"","scores":[{"value":"0.25808","scoring_system":"epss","scoring_elements":"0.96359","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176197","reference_id":"1176197","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176197"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773","reference_id":"784773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773"},{"reference_url":"https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/i-c-u-fail.txt","reference_id":"CVE-2014-8147;CVE-2014-8146","reference_type":"exploit","scores":[],"url":"https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/i-c-u-fail.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43887.txt","reference_id":"CVE-2014-8147;CVE-2014-8146","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43887.txt"},{"reference_url":"https://security.gentoo.org/glsa/201507-04","reference_id":"GLSA-201507-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"}],"aliases":["CVE-2014-8146"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkex-ss5h-5ke5"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@2.0-2.1pre20020303-1"}